| From bippy-a5840b7849dd Mon Sep 17 00:00:00 2001 |
| From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| To: <linux-cve-announce@vger.kernel.org> |
| Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org> |
| Subject: CVE-2021-47574: xen/netfront: harden netfront against event channel storms |
| |
| Description |
| =========== |
| |
| In the Linux kernel, the following vulnerability has been resolved: |
| |
| xen/netfront: harden netfront against event channel storms |
| |
| The Xen netfront driver is still vulnerable for an attack via excessive |
| number of events sent by the backend. Fix that by using lateeoi event |
| channels. |
| |
| For being able to detect the case of no rx responses being added while |
| the carrier is down a new lock is needed in order to update and test |
| rsp_cons and the number of seen unconsumed responses atomically. |
| |
| This is part of XSA-391 |
| |
| --- |
| V2: |
| - don't eoi irq in case of interface set broken (Jan Beulich) |
| - handle carrier off + no new responses added (Jan Beulich) |
| V3: |
| - add rx_ prefix to rsp_unconsumed (Jan Beulich) |
| - correct xennet_set_rx_rsp_cons() spelling (Jan Beulich) |
| |
| The Linux kernel CVE team has assigned CVE-2021-47574 to this issue. |
| |
| |
| Affected and fixed versions |
| =========================== |
| |
| Fixed in 4.4.296 with commit 81900aa7d7a1 |
| Fixed in 4.9.294 with commit 99120c8230fd |
| Fixed in 4.14.259 with commit 4bf81386e3d6 |
| Fixed in 4.19.222 with commit 3559ca594f15 |
| Fixed in 5.4.168 with commit 3e68d099f09c |
| Fixed in 5.10.88 with commit d31b3379179d |
| Fixed in 5.15.11 with commit a29c8b5226ed |
| Fixed in 5.16 with commit b27d47950e48 |
| |
| Please see https://www.kernel.org for a full list of currently supported |
| kernel versions by the kernel community. |
| |
| Unaffected versions might change over time as fixes are backported to |
| older supported kernel versions. The official CVE entry at |
| https://cve.org/CVERecord/?id=CVE-2021-47574 |
| will be updated if fixes are backported, please check that for the most |
| up to date information about this issue. |
| |
| |
| Affected files |
| ============== |
| |
| The file(s) affected by this issue are: |
| drivers/net/xen-netfront.c |
| |
| |
| Mitigation |
| ========== |
| |
| The Linux kernel CVE team recommends that you update to the latest |
| stable kernel version for this, and many other bugfixes. Individual |
| changes are never tested alone, but rather are part of a larger kernel |
| release. Cherry-picking individual commits is not recommended or |
| supported by the Linux kernel community at all. If however, updating to |
| the latest release is impossible, the individual changes to resolve this |
| issue can be found at these commits: |
| https://git.kernel.org/stable/c/81900aa7d7a130dec4c55b68875e30fb8c9effec |
| https://git.kernel.org/stable/c/99120c8230fdd5e8b72a6e4162db9e1c0a61954a |
| https://git.kernel.org/stable/c/4bf81386e3d6e5083c93d51eff70260bcec091bb |
| https://git.kernel.org/stable/c/3559ca594f15fcd23ed10c0056d40d71e5dab8e5 |
| https://git.kernel.org/stable/c/3e68d099f09c260a7dee28b99af02fe6977a9e66 |
| https://git.kernel.org/stable/c/d31b3379179d64724d3bbfa87bd4ada94e3237de |
| https://git.kernel.org/stable/c/a29c8b5226eda52e6d6ff151d9343558ea3ad451 |
| https://git.kernel.org/stable/c/b27d47950e481f292c0a5ad57357edb9d95d03ba |
