CVE-2021-47449: Resolving Linux Kernel Vulnerability in Ice Tx Timestamp Tracking Flush

Recently, a vulnerability (CVE-2021-47449) was discovered and resolved in the Linux kernel related to the Intel Ethernet Controller I210/I211/I218/I219 devices (codename "ice"). This issue lies in the locking mechanism for Tx timestamp tracking flush which could potentially lead to a deadlock scenario. The problem was originally introduced with Commit 4ddd5c33c3e ("ice: add lock around Tx timestamp tracker flush") and has now been fixed to prevent any potential issues.

cleanup any left over SKBs and prepare for device removal.

The issue occurred because this lock was being held around a call to ice_clear_phy_tstamp function, which takes a mutex to send a PHY write command to the firmware. If the mutex sleeps, it could lead to a deadlock, causing a warning on a kernel with preemption debugging enabled.

For more details on the error messages and warnings generated due to this deadlock situation, please refer to the original commit, which is part of the Linux kernel source code repository.

To address this issue, the Linux kernel maintainers have provided a patch, which removes the lock around the ice_clear_phy_tstamp function. This prevents the deadlock scenario from occurring, effectively resolving the vulnerability.

The patch can be found in the Linux kernel source code repository here.

In conclusion, the CVE-2021-47449 vulnerability has been effectively resolved with this patch, and users are advised to update their Linux kernel to the latest version that includes this fix. It is essential for users and system administrators to regularly apply security updates and patches to their systems to stay protected from potential security threats.

Timeline

Published on: 05/22/2024 07:15:10 UTC
Last modified on: 08/08/2024 15:35:01 UTC