5.5
MEDIUM
CVE-2021-47615
Mellanox mlx5 Registered DMA (RDMA) Memory Unmap Buffer Overflow
Description

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

INFO

Published Date: June 19, 2024, 3:15 p.m.
Last Modified: Dec. 19, 2024, 11:15 a.m.
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Remotely Exploitable: No
Impact Score: 3.6
Exploitability Score: 1.8
Affected Products

The following products are affected by the CVE-2021-47615 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel

The following table lists the changes that have been made to the CVE-2021-47615 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Rejected by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Dec. 19, 2024

    Action Type Old Value New Value
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Dec. 19, 2024

    Action Type Old Value New Value
    Changed Description
      Old Value:
        In the Linux kernel, the following vulnerability has been resolved:

        RDMA/mlx5: Fix releasing unallocated memory in dereg MR flow

        For the case of IB_MR_TYPE_DM the mr doesn't have a umem, even though it is a user MR. This causes function mlx5_free_priv_descs() to think that it is a kernel MR, leading to wrongly accessing mr->descs that will get wrong values in the union which leads to attempt to release resources that were not allocated in the first place.

        For example:

          DMA-API: mlx5_core 0000:08:00.1: device driver tries to free DMA memory it has not allocated [device address=0x0000000000000000] [size=0 bytes]
          WARNING: CPU: 8 PID: 1021 at kernel/dma/debug.c:961 check_unmap+0x54f/0x8b0
          RIP: 0010:check_unmap+0x54f/0x8b0
          Call Trace:
           debug_dma_unmap_page+0x57/0x60
           mlx5_free_priv_descs+0x57/0x70 [mlx5_ib]
           mlx5_ib_dereg_mr+0x1fb/0x3d0 [mlx5_ib]
           ib_dereg_mr_user+0x60/0x140 [ib_core]
           uverbs_destroy_uobject+0x59/0x210 [ib_uverbs]
           uobj_destroy+0x3f/0x80 [ib_uverbs]
           ib_uverbs_cmd_verbs+0x435/0xd10 [ib_uverbs]
           ? uverbs_finalize_object+0x50/0x50 [ib_uverbs]
           ? lock_acquire+0xc4/0x2e0
           ? lock_acquired+0x12/0x380
           ? lock_acquire+0xc4/0x2e0
           ? lock_acquire+0xc4/0x2e0
           ? ib_uverbs_ioctl+0x7c/0x140 [ib_uverbs]
           ? lock_release+0x28a/0x400
           ib_uverbs_ioctl+0xc0/0x140 [ib_uverbs]
           ? ib_uverbs_ioctl+0x7c/0x140 [ib_uverbs]
           __x64_sys_ioctl+0x7f/0xb0
           do_syscall_64+0x38/0x90

        Fix it by reorganizing the dereg flow and mlx5_ib_mr structure:
         - Move the ib_umem field into the user MRs structure in the union as it's applicable only there.
         - Function mlx5_ib_dereg_mr() will now call mlx5_free_priv_descs() only in case there isn't udata, which indicates that this isn't a user MR.
      New Value:
        Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
    Removed CVSS V3.1 NIST: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    Removed CWE NIST: CWE-763
    Removed CPE Configuration 3172958 Config Identifier: 0, OR
      *cpe:2.3:o:linux:linux_kernel:5.16:rc2:*:*:*:*:*:*
      *cpe:2.3:o:linux:linux_kernel:5.16:rc3:*:*:*:*:*:*
      *cpe:2.3:o:linux:linux_kernel:5.16:rc4:*:*:*:*:*:*
      *cpe:2.3:o:linux:linux_kernel:5.16:rc1:*:*:*:*:*:*
      *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.15.11 up to (excluding) 5.15.14
      *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.13 up to (excluding) 5.15.10
    Removed Reference kernel.org: https://git.kernel.org/stable/c/c44979ace49b4aede3cc7cb5542316e53a4005c9
    Removed Reference kernel.org: https://git.kernel.org/stable/c/e3bc4d4b50cae7db08e50dbe43f771c906e97701
    Removed Reference kernel.org: https://git.kernel.org/stable/c/f0ae4afe3d35e67db042c58a52909e06262b740f
    Removed Reference CVE: https://git.kernel.org/stable/c/c44979ace49b4aede3cc7cb5542316e53a4005c9
    Removed Reference CVE: https://git.kernel.org/stable/c/e3bc4d4b50cae7db08e50dbe43f771c906e97701
    Removed Reference CVE: https://git.kernel.org/stable/c/f0ae4afe3d35e67db042c58a52909e06262b740f
    Removed Reference Type kernel.org: https://git.kernel.org/stable/c/c44979ace49b4aede3cc7cb5542316e53a4005c9 Types: Patch
    Removed Reference Type kernel.org: https://git.kernel.org/stable/c/e3bc4d4b50cae7db08e50dbe43f771c906e97701 Types: Patch
    Removed Reference Type kernel.org: https://git.kernel.org/stable/c/f0ae4afe3d35e67db042c58a52909e06262b740f Types: Patch
    Removed Reference Type CVE: https://git.kernel.org/stable/c/c44979ace49b4aede3cc7cb5542316e53a4005c9 Types: Patch
    Removed Reference Type CVE: https://git.kernel.org/stable/c/e3bc4d4b50cae7db08e50dbe43f771c906e97701 Types: Patch
    Removed Reference Type CVE: https://git.kernel.org/stable/c/f0ae4afe3d35e67db042c58a52909e06262b740f Types: Patch
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference https://git.kernel.org/stable/c/c44979ace49b4aede3cc7cb5542316e53a4005c9
    Added Reference https://git.kernel.org/stable/c/e3bc4d4b50cae7db08e50dbe43f771c906e97701
    Added Reference https://git.kernel.org/stable/c/f0ae4afe3d35e67db042c58a52909e06262b740f
  • Initial Analysis by [email protected]

    Oct. 30, 2024

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    Changed Reference Type https://git.kernel.org/stable/c/c44979ace49b4aede3cc7cb5542316e53a4005c9 No Types Assigned https://git.kernel.org/stable/c/c44979ace49b4aede3cc7cb5542316e53a4005c9 Patch
    Changed Reference Type https://git.kernel.org/stable/c/e3bc4d4b50cae7db08e50dbe43f771c906e97701 No Types Assigned https://git.kernel.org/stable/c/e3bc4d4b50cae7db08e50dbe43f771c906e97701 Patch
    Changed Reference Type https://git.kernel.org/stable/c/f0ae4afe3d35e67db042c58a52909e06262b740f No Types Assigned https://git.kernel.org/stable/c/f0ae4afe3d35e67db042c58a52909e06262b740f Patch
    Added CWE NIST CWE-763
    Added CPE Configuration OR
      *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.13 up to (excluding) 5.15.10
      *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.15.11 up to (excluding) 5.15.14
      *cpe:2.3:o:linux:linux_kernel:5.16:rc1:*:*:*:*:*:*
      *cpe:2.3:o:linux:linux_kernel:5.16:rc2:*:*:*:*:*:*
      *cpe:2.3:o:linux:linux_kernel:5.16:rc3:*:*:*:*:*:*
      *cpe:2.3:o:linux:linux_kernel:5.16:rc4:*:*:*:*:*:*
  • CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Jun. 19, 2024

    Action Type Old Value New Value
    Added Description
      In the Linux kernel, the following vulnerability has been resolved:

      RDMA/mlx5: Fix releasing unallocated memory in dereg MR flow

      For the case of IB_MR_TYPE_DM the mr doesn't have a umem, even though it is a user MR. This causes function mlx5_free_priv_descs() to think that it is a kernel MR, leading to wrongly accessing mr->descs that will get wrong values in the union which leads to attempt to release resources that were not allocated in the first place.

      For example:

        DMA-API: mlx5_core 0000:08:00.1: device driver tries to free DMA memory it has not allocated [device address=0x0000000000000000] [size=0 bytes]
        WARNING: CPU: 8 PID: 1021 at kernel/dma/debug.c:961 check_unmap+0x54f/0x8b0
        RIP: 0010:check_unmap+0x54f/0x8b0
        Call Trace:
         debug_dma_unmap_page+0x57/0x60
         mlx5_free_priv_descs+0x57/0x70 [mlx5_ib]
         mlx5_ib_dereg_mr+0x1fb/0x3d0 [mlx5_ib]
         ib_dereg_mr_user+0x60/0x140 [ib_core]
         uverbs_destroy_uobject+0x59/0x210 [ib_uverbs]
         uobj_destroy+0x3f/0x80 [ib_uverbs]
         ib_uverbs_cmd_verbs+0x435/0xd10 [ib_uverbs]
         ? uverbs_finalize_object+0x50/0x50 [ib_uverbs]
         ? lock_acquire+0xc4/0x2e0
         ? lock_acquired+0x12/0x380
         ? lock_acquire+0xc4/0x2e0
         ? lock_acquire+0xc4/0x2e0
         ? ib_uverbs_ioctl+0x7c/0x140 [ib_uverbs]
         ? lock_release+0x28a/0x400
         ib_uverbs_ioctl+0xc0/0x140 [ib_uverbs]
         ? ib_uverbs_ioctl+0x7c/0x140 [ib_uverbs]
         __x64_sys_ioctl+0x7f/0xb0
         do_syscall_64+0x38/0x90

      Fix it by reorganizing the dereg flow and mlx5_ib_mr structure:
       - Move the ib_umem field into the user MRs structure in the union as it's applicable only there.
       - Function mlx5_ib_dereg_mr() will now call mlx5_free_priv_descs() only in case there isn't udata, which indicates that this isn't a user MR.
    Added Reference kernel.org https://git.kernel.org/stable/c/e3bc4d4b50cae7db08e50dbe43f771c906e97701 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/c44979ace49b4aede3cc7cb5542316e53a4005c9 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/f0ae4afe3d35e67db042c58a52909e06262b740f [No types assigned]
© cvefeed.io
Latest DB Update: May. 13, 2025 18:27