CVE-2021-47589
Intel igbvf Driver Use-After-Free
Description
In the Linux kernel, the following vulnerability has been resolved:

igbvf: fix double free in `igbvf_probe`

In `igbvf_probe`, if register_netdev() fails, the program will go to label err_hw_init, and then to label err_ioremap. In free_netdev() which is just below label err_ioremap, there is `list_for_each_entry_safe` and `netif_napi_del` which aims to delete all entries in `dev->napi_list`. The program has added an entry `adapter->rx_ring->napi` which is added by `netif_napi_add` in igbvf_alloc_queues(). However, adapter->rx_ring has been freed below label err_hw_init. So this is a UAF.

In terms of how to patch the problem, we can refer to igbvf_remove() and delete the entry before `adapter->rx_ring`.

The KASAN logs are as follows:

[   35.126075] BUG: KASAN: use-after-free in free_netdev+0x1fd/0x450
[   35.127170] Read of size 8 at addr ffff88810126d990 by task modprobe/366
[   35.128360]
[   35.128643] CPU: 1 PID: 366 Comm: modprobe Not tainted 5.15.0-rc2+ #14
[   35.129789] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[   35.131749] Call Trace:
[   35.132199]  dump_stack_lvl+0x59/0x7b
[   35.132865]  print_address_description+0x7c/0x3b0
[   35.133707]  ? free_netdev+0x1fd/0x450
[   35.134378]  __kasan_report+0x160/0x1c0
[   35.135063]  ? free_netdev+0x1fd/0x450
[   35.135738]  kasan_report+0x4b/0x70
[   35.136367]  free_netdev+0x1fd/0x450
[   35.137006]  igbvf_probe+0x121d/0x1a10 [igbvf]
[   35.137808]  ? igbvf_vlan_rx_add_vid+0x100/0x100 [igbvf]
[   35.138751]  local_pci_probe+0x13c/0x1f0
[   35.139461]  pci_device_probe+0x37e/0x6c0
[   35.165526]
[   35.165806] Allocated by task 366:
[   35.166414]  ____kasan_kmalloc+0xc4/0xf0
[   35.167117]  foo_kmem_cache_alloc_trace+0x3c/0x50 [igbvf]
[   35.168078]  igbvf_probe+0x9c5/0x1a10 [igbvf]
[   35.168866]  local_pci_probe+0x13c/0x1f0
[   35.169565]  pci_device_probe+0x37e/0x6c0
[   35.179713]
[   35.179993] Freed by task 366:
[   35.180539]  kasan_set_track+0x4c/0x80
[   35.181211]  kasan_set_free_info+0x1f/0x40
[   35.181942]  ____kasan_slab_free+0x103/0x140
[   35.182703]  kfree+0xe3/0x250
[   35.183239]  igbvf_probe+0x1173/0x1a10 [igbvf]
[   35.184040]  local_pci_probe+0x13c/0x1f0
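As an added illustration, not code from the kernel or from this page, the following C program is a constructed model of the error unwind the description above refers to. The NAPI context is embedded in the RX ring, so when register_netdev() fails and the unwind frees adapter->rx_ring while its napi is still linked into dev->napi_list, the later free_netdev() walk reads a list node inside freed memory; unlinking with netif_napi_del() before the kfree(), the ordering igbvf_remove() already used, removes that read. Every function ending in _model and the freed flag are stand-ins for the kernel helpers, not real kernel APIs; the "free" is simulated as a quarantine so the bad read can be counted instead of triggering real undefined behaviour.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed model of the igbvf_probe() error unwind (not kernel code). */

struct list_head { struct list_head *next, *prev; };

static void list_init(struct list_head *h) { h->next = h->prev = h; }

static void list_add_tail(struct list_head *n, struct list_head *h)
{
    n->prev = h->prev;
    n->next = h;
    h->prev->next = n;
    h->prev = n;
}

static void list_del(struct list_head *n)
{
    n->prev->next = n->next;
    n->next->prev = n->prev;
    n->next = n->prev = n;
}

#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))

struct napi_struct { struct list_head dev_list; };

/* The NAPI context lives inside the RX ring, as in the real driver, so
 * freeing the ring frees the list node that dev->napi_list still links. */
struct rx_ring {
    struct napi_struct napi;
    bool freed;   /* model: stands in for KASAN's freed-slab tracking */
};

struct net_device { struct list_head napi_list; };
struct adapter { struct net_device *netdev; struct rx_ring *rx_ring; };

/* Stand-ins (hypothetical names) for netif_napi_add / netif_napi_del. */
static void netif_napi_add_model(struct net_device *dev, struct napi_struct *napi)
{
    list_add_tail(&napi->dev_list, &dev->napi_list);
}

static void netif_napi_del_model(struct napi_struct *napi)
{
    list_del(&napi->dev_list);
}

/* kfree stand-in: memory is only marked freed (quarantined) so that a
 * later access can be detected rather than being undefined behaviour. */
static void kfree_model(struct rx_ring *ring) { ring->freed = true; }

/* free_netdev stand-in: walks dev->napi_list the way
 * list_for_each_entry_safe does and returns how many nodes were read
 * from already-freed memory (the read KASAN reported). */
static int free_netdev_model(struct net_device *dev)
{
    int uaf_reads = 0;
    struct list_head *pos = dev->napi_list.next;

    while (pos != &dev->napi_list) {
        struct list_head *next = pos->next;
        struct napi_struct *napi = container_of(pos, struct napi_struct, dev_list);
        struct rx_ring *ring = container_of(napi, struct rx_ring, napi);

        if (ring->freed)
            uaf_reads++;
        list_del(pos);
        pos = next;
    }
    free(dev);
    return uaf_reads;
}

/* Runs the probe error path with register_netdev() failing.
 * fixed=false: unwind as before the patch (ring freed while still linked).
 * fixed=true:  unlink the NAPI context before freeing, as the fix does.
 * Returns the number of use-after-free reads the unwind performed. */
int igbvf_probe_error_path(bool fixed)
{
    struct net_device *netdev = calloc(1, sizeof *netdev);
    struct adapter *adapter = calloc(1, sizeof *adapter);
    if (!netdev || !adapter)
        abort();
    list_init(&netdev->napi_list);
    adapter->netdev = netdev;

    /* igbvf_alloc_queues(): allocate the ring and register its NAPI context */
    adapter->rx_ring = calloc(1, sizeof *adapter->rx_ring);
    if (!adapter->rx_ring)
        abort();
    netif_napi_add_model(netdev, &adapter->rx_ring->napi);

    /* register_netdev() fails -> goto err_hw_init */
    /* err_hw_init: */
    if (fixed)
        netif_napi_del_model(&adapter->rx_ring->napi); /* unlink before freeing */
    kfree_model(adapter->rx_ring);

    /* err_ioremap: */
    int uaf_reads = free_netdev_model(netdev);

    free(adapter->rx_ring);   /* release the quarantined ring */
    free(adapter);
    return uaf_reads;
}

int main(void)
{
    printf("unpatched unwind: %d use-after-free read(s)\n", igbvf_probe_error_path(false));
    printf("patched unwind:   %d use-after-free read(s)\n", igbvf_probe_error_path(true));
    return 0;
}
```

The model makes the defender's point explicit: the unwind order of a probe routine must be the exact reverse of its setup order, and any object registered into a list owned by another object has to be unregistered before it is freed. Reviewing error labels against the matching remove() routine, as the commit message suggests, is the check that catches this class of bug.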
INFO
Published Date : June 19, 2024, 3:15 p.m.
Last Modified : Nov. 21, 2024, 6:36 a.m.
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Remotely Exploitable : No
Impact Score : 5.9
Exploitability Score : 1.8
References to Advisories, Solutions, and Tools
External links providing in-depth information, practical solutions, and tools related to CVE-2021-47589. For this entry the references are the kernel.org stable commits carrying the fix, recorded in the change history below.
The following table lists the changes that have been made to the CVE-2021-47589 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
- CVE Modified by af854a3a-2127-422b-91ae-364da2661108 (Nov. 21, 2024)
  Added Reference: https://git.kernel.org/stable/c/74a16e062b23332d8db017ff4a41e16279c44411
  Added Reference: https://git.kernel.org/stable/c/79d9b092035dcdbe636b70433149df9cc6db1e49
  Added Reference: https://git.kernel.org/stable/c/8addba6cab94ce01686ea2e80ed1530f9dc33a9a
  Added Reference: https://git.kernel.org/stable/c/8d0c927a9fb2b4065230936b77b54f857a3754fc
  Added Reference: https://git.kernel.org/stable/c/944b8be08131f5faf2cd2440aa1c24a39a163a54
  Added Reference: https://git.kernel.org/stable/c/b6d335a60dc624c0d279333b22c737faa765b028
  Added Reference: https://git.kernel.org/stable/c/cc9b655bb84f1be283293dfea94dff9a31b106ac
  Added Reference: https://git.kernel.org/stable/c/ffe1695b678729edec04037e691007900a2b2beb

- Initial Analysis by [email protected] (Aug. 27, 2024)
  Added CVSS V3.1 (NIST): AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  Changed Reference Type (No Types Assigned -> Patch):
    https://git.kernel.org/stable/c/74a16e062b23332d8db017ff4a41e16279c44411
    https://git.kernel.org/stable/c/79d9b092035dcdbe636b70433149df9cc6db1e49
    https://git.kernel.org/stable/c/8addba6cab94ce01686ea2e80ed1530f9dc33a9a
    https://git.kernel.org/stable/c/8d0c927a9fb2b4065230936b77b54f857a3754fc
    https://git.kernel.org/stable/c/944b8be08131f5faf2cd2440aa1c24a39a163a54
    https://git.kernel.org/stable/c/b6d335a60dc624c0d279333b22c737faa765b028
    https://git.kernel.org/stable/c/cc9b655bb84f1be283293dfea94dff9a31b106ac
    https://git.kernel.org/stable/c/ffe1695b678729edec04037e691007900a2b2beb
  Added CWE (NIST): CWE-415
  Added CPE Configuration (OR), cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*, affected version ranges:
    from 2.6.30 (including) up to 4.4.296 (excluding)
    from 4.5 (including) up to 4.9.294 (excluding)
    from 4.10 (including) up to 4.14.259 (excluding)
    from 4.15 (including) up to 4.19.222 (excluding)
    from 4.20 (including) up to 5.4.168 (excluding)
    from 5.5 (including) up to 5.10.88 (excluding)
    from 5.11 (including) up to 5.15.11 (excluding)

- CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (Jun. 19, 2024)
  Added Description: (same text as the Description section above)
  Added Reference (kernel.org, no types assigned):
    https://git.kernel.org/stable/c/ffe1695b678729edec04037e691007900a2b2beb
    https://git.kernel.org/stable/c/79d9b092035dcdbe636b70433149df9cc6db1e49
    https://git.kernel.org/stable/c/8d0c927a9fb2b4065230936b77b54f857a3754fc
    https://git.kernel.org/stable/c/cc9b655bb84f1be283293dfea94dff9a31b106ac
    https://git.kernel.org/stable/c/8addba6cab94ce01686ea2e80ed1530f9dc33a9a
    https://git.kernel.org/stable/c/74a16e062b23332d8db017ff4a41e16279c44411
    https://git.kernel.org/stable/c/944b8be08131f5faf2cd2440aa1c24a39a163a54
    https://git.kernel.org/stable/c/b6d335a60dc624c0d279333b22c737faa765b028
CWE - Common Weakness Enumeration
While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2021-47589 is associated with the following CWE:
- CWE-415: Double Free (assigned by NIST, see the change history above)
Common Attack Pattern Enumeration and Classification (CAPEC)
CAPEC stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the weaknesses behind CVE-2021-47589.