{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-47105", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-03-04T18:12:48.835Z", "datePublished": "2024-03-04T18:15:14.355Z", "dateUpdated": "2024-12-19T07:35:19.937Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T07:35:19.937Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: xsk: return xsk buffers back to pool when cleaning the ring\n\nCurrently we only NULL the xdp_buff pointer in the internal SW ring but\nwe never give it back to the xsk buffer pool. This means that buffers\ncan be leaked out of the buff pool and never be used again.\n\nAdd missing xsk_buff_free() call to the routine that is supposed to\nclean the entries that are left in the ring so that these buffers in the\numem can be used by other sockets.\n\nAlso, only go through the space that is actually left to be cleaned\ninstead of a whole ring."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/intel/ice/ice_xsk.c"], "versions": [{"version": "2d4238f5569722197612656163d824098208519c", "lessThan": "ad6d20da2cfbe14b7b1200d15f39e65988b0b9e8", "status": "affected", "versionType": "git"}, {"version": "2d4238f5569722197612656163d824098208519c", "lessThan": "afe8a3ba85ec2a6b6849367e25c06a2f8e0ddd05", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/intel/ice/ice_xsk.c"], "versions": [{"version": "5.5", "status": "affected"}, {"version": "0", "lessThan": "5.5", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.12", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.16", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/ad6d20da2cfbe14b7b1200d15f39e65988b0b9e8"}, {"url": "https://git.kernel.org/stable/c/afe8a3ba85ec2a6b6849367e25c06a2f8e0ddd05"}], "title": "ice: xsk: return xsk buffers back to pool when cleaning the ring", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47105", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-06T19:54:23.953190Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:14:51.323Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:24:39.883Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/ad6d20da2cfbe14b7b1200d15f39e65988b0b9e8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/afe8a3ba85ec2a6b6849367e25c06a2f8e0ddd05", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/ad6d20da2cfbe14b7b1200d15f39e65988b0b9e8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/afe8a3ba85ec2a6b6849367e25c06a2f8e0ddd05", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:24:39.883Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47105", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-06T19:54:23.953190Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:16.190Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "ice: xsk: return xsk buffers back to pool when cleaning the ring", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "2d4238f5569722197612656163d824098208519c", "lessThan": "ad6d20da2cfbe14b7b1200d15f39e65988b0b9e8", "versionType": "git"}, {"status": "affected", "version": "2d4238f5569722197612656163d824098208519c", "lessThan": "afe8a3ba85ec2a6b6849367e25c06a2f8e0ddd05", "versionType": "git"}], "programFiles": ["drivers/net/ethernet/intel/ice/ice_xsk.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.5"}, {"status": "unaffected", "version": "0", "lessThan": "5.5", "versionType": "semver"}, {"status": "unaffected", "version": "5.15.12", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "5.16", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/net/ethernet/intel/ice/ice_xsk.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/ad6d20da2cfbe14b7b1200d15f39e65988b0b9e8"}, {"url": "https://git.kernel.org/stable/c/afe8a3ba85ec2a6b6849367e25c06a2f8e0ddd05"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: xsk: return xsk buffers back to pool when cleaning the ring\n\nCurrently we only NULL the xdp_buff pointer in the internal SW ring but\nwe never give it back to the xsk buffer pool. This means that buffers\ncan be leaked out of the buff pool and never be used again.\n\nAdd missing xsk_buff_free() call to the routine that is supposed to\nclean the entries that are left in the ring so that these buffers in the\numem can be used by other sockets.\n\nAlso, only go through the space that is actually left to be cleaned\ninstead of a whole ring."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T07:35:19.937Z"}}}, "cveMetadata": {"cveId": "CVE-2021-47105", "state": "PUBLISHED", "dateUpdated": "2024-12-19T07:35:19.937Z", "dateReserved": "2024-03-04T18:12:48.835Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-03-04T18:15:14.355Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B083AE64-4A1D-4AD1-B078-AC730EE9450D", "versionEndExcluding": "5.15.12", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.16:rc1:*:*:*:*:*:*", "matchCriteriaId": "357AA433-37E8-4323-BFB2-3038D6E4B414", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.16:rc2:*:*:*:*:*:*", "matchCriteriaId": "A73429BA-C2D9-4D0C-A75F-06A1CA8B3983", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.16:rc3:*:*:*:*:*:*", "matchCriteriaId": "F621B5E3-E99D-49E7-90B9-EC3B77C95383", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.16:rc4:*:*:*:*:*:*", "matchCriteriaId": "F7BFDCAA-1650-49AA-8462-407DD593F94F", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.16:rc5:*:*:*:*:*:*", "matchCriteriaId": "6EC9882F-866D-4ACB-8FBC-213D8D8436C8", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.16:rc6:*:*:*:*:*:*", "matchCriteriaId": "8A0915FE-A4AA-4C94-B783-CF29D81E7E54", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: xsk: return xsk buffers back to pool when cleaning the ring\n\nCurrently we only NULL the xdp_buff pointer in the internal SW ring but\nwe never give it back to the xsk buffer pool. This means that buffers\ncan be leaked out of the buff pool and never be used again.\n\nAdd missing xsk_buff_free() call to the routine that is supposed to\nclean the entries that are left in the ring so that these buffers in the\numem can be used by other sockets.\n\nAlso, only go through the space that is actually left to be cleaned\ninstead of a whole ring."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ice: xsk: devuelve los buffers xsk al grupo al limpiar el anillo. Actualmente solo hacemos NULL en el puntero xdp_buff en el anillo SW interno, pero nunca lo devolvemos al grupo de buffers xsk. Esto significa que los buffers se pueden filtrar fuera del grupo de buffers y no volver a usarse nunca m\u00e1s. Agregue la llamada xsk_buff_free() faltante a la rutina que se supone que limpia las entradas que quedan en el anillo para que otros sockets puedan usar estos buffers en el umem. Adem\u00e1s, pase solo por el espacio que realmente queda por limpiar en lugar de por un anillo completo."}], "id": "CVE-2021-47105", "lastModified": "2025-02-14T15:16:27.180", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-03-04T19:15:18.707", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Exploit", "Mailing List", "Patch"], "url": "https://git.kernel.org/stable/c/ad6d20da2cfbe14b7b1200d15f39e65988b0b9e8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Exploit", "Mailing List", "Patch"], "url": "https://git.kernel.org/stable/c/afe8a3ba85ec2a6b6849367e25c06a2f8e0ddd05"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Patch"], "url": "https://git.kernel.org/stable/c/ad6d20da2cfbe14b7b1200d15f39e65988b0b9e8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Patch"], "url": "https://git.kernel.org/stable/c/afe8a3ba85ec2a6b6849367e25c06a2f8e0ddd05"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: ice: xsk: return xsk buffers back to pool when cleaning the ring", "id": "2267912", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2267912"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", "status": "draft"}, "cwe": "CWE-402", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nice: xsk: return xsk buffers back to pool when cleaning the ring\nCurrently we only NULL the xdp_buff pointer in the internal SW ring but\nwe never give it back to the xsk buffer pool. This means that buffers\ncan be leaked out of the buff pool and never be used again.\nAdd missing xsk_buff_free() call to the routine that is supposed to\nclean the entries that are left in the ring so that these buffers in the\numem can be used by other sockets.\nAlso, only go through the space that is actually left to be cleaned\ninstead of a whole ring."], "name": "CVE-2021-47105", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-03-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-47105\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-47105\nhttps://lore.kernel.org/linux-cve-announce/2024030444-CVE-2021-47105-fa23@gregkh/T"], "threat_severity": "Low", "upstream_fix": "kernel 5.15.12, kernel 5.16"}