Vulnerability-Lookup

CVE-2021-47178 (GCVE-0-2021-47178)

Vulnerability from cvelistv5 – Published: 2024-03-25 09:16 – Updated: 2025-05-04 07:05

Title

scsi: target: core: Avoid smp_processor_id() in preemptible code

Summary

In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Avoid smp_processor_id() in preemptible code The BUG message "BUG: using smp_processor_id() in preemptible [00000000] code" was observed for TCMU devices with kernel config DEBUG_PREEMPT. The message was observed when blktests block/005 was run on TCMU devices with fileio backend or user:zbc backend [1]. The commit 1130b499b4a7 ("scsi: target: tcm_loop: Use LIO wq cmd submission helper") triggered the symptom. The commit modified work queue to handle commands and changed 'current->nr_cpu_allowed' at smp_processor_id() call. The message was also observed at system shutdown when TCMU devices were not cleaned up [2]. The function smp_processor_id() was called in SCSI host work queue for abort handling, and triggered the BUG message. This symptom was observed regardless of the commit 1130b499b4a7 ("scsi: target: tcm_loop: Use LIO wq cmd submission helper"). To avoid the preemptible code check at smp_processor_id(), get CPU ID with raw_smp_processor_id() instead. The CPU ID is used for performance improvement then thread move to other CPU will not affect the code. [1] [ 56.468103] run blktests block/005 at 2021-05-12 14:16:38 [ 57.369473] check_preemption_disabled: 85 callbacks suppressed [ 57.369480] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1511 [ 57.369506] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1510 [ 57.369512] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1506 [ 57.369552] caller is __target_init_cmd+0x157/0x170 [target_core_mod] [ 57.369606] CPU: 4 PID: 1506 Comm: fio Not tainted 5.13.0-rc1+ #34 [ 57.369613] Hardware name: System manufacturer System Product Name/PRIME Z270-A, BIOS 1302 03/15/2018 [ 57.369617] Call Trace: [ 57.369621] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1507 [ 57.369628] dump_stack+0x6d/0x89 [ 57.369642] check_preemption_disabled+0xc8/0xd0 [ 57.369628] caller is __target_init_cmd+0x157/0x170 [target_core_mod] [ 57.369655] __target_init_cmd+0x157/0x170 [target_core_mod] [ 57.369695] target_init_cmd+0x76/0x90 [target_core_mod] [ 57.369732] tcm_loop_queuecommand+0x109/0x210 [tcm_loop] [ 57.369744] scsi_queue_rq+0x38e/0xc40 [ 57.369761] __blk_mq_try_issue_directly+0x109/0x1c0 [ 57.369779] blk_mq_try_issue_directly+0x43/0x90 [ 57.369790] blk_mq_submit_bio+0x4e5/0x5d0 [ 57.369812] submit_bio_noacct+0x46e/0x4e0 [ 57.369830] __blkdev_direct_IO_simple+0x1a3/0x2d0 [ 57.369859] ? set_init_blocksize.isra.0+0x60/0x60 [ 57.369880] generic_file_read_iter+0x89/0x160 [ 57.369898] blkdev_read_iter+0x44/0x60 [ 57.369906] new_sync_read+0x102/0x170 [ 57.369929] vfs_read+0xd4/0x160 [ 57.369941] __x64_sys_pread64+0x6e/0xa0 [ 57.369946] ? lockdep_hardirqs_on+0x79/0x100 [ 57.369958] do_syscall_64+0x3a/0x70 [ 57.369965] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 57.369973] RIP: 0033:0x7f7ed4c1399f [ 57.369979] Code: 08 89 3c 24 48 89 4c 24 18 e8 7d f3 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 11 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 cd f3 ff ff 48 8b [ 57.369983] RSP: 002b:00007ffd7918c580 EFLAGS: 00000293 ORIG_RAX: 0000000000000011 [ 57.369990] RAX: ffffffffffffffda RBX: 00000000015b4540 RCX: 00007f7ed4c1399f [ 57.369993] RDX: 0000000000001000 RSI: 00000000015de000 RDI: 0000000000000009 [ 57.369996] RBP: 00000000015b4540 R08: 0000000000000000 R09: 0000000000000001 [ 57.369999] R10: 0000000000e5c000 R11: 0000000000000293 R12: 00007f7eb5269a70 [ 57.370002] R13: 0000000000000000 R14: 0000000000001000 R15: 00000000015b4568 [ 57.370031] CPU: 7 PID: 1507 Comm: fio Not tainted 5.13.0-rc1+ #34 [ 57.370036] Hardware name: System manufacturer System Product Name/PRIME Z270-A, BIOS 1302 03/15/2018 [ 57.370039] Call Trace: [ 57.370045] dump_stack+0x6d/0x89 [ 57.370056] ch ---truncated---

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

FKIE_CVE-2021-47178

Vulnerability from fkie_nvd - Published: 2024-03-25 10:15 - Updated: 2025-03-17 15:20

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/70ca3c57ff914113f681e657634f7fbfa68e1ad1	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/a20b6eaf4f35046a429cde57bee7eb5f13d6857f	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/a222d2794c53f8165de20aa91b39e35e4b72bce9	Patch
af854a3a-2127-422b-91ae-364da2661108	https://git.kernel.org/stable/c/70ca3c57ff914113f681e657634f7fbfa68e1ad1	Patch
af854a3a-2127-422b-91ae-364da2661108	https://git.kernel.org/stable/c/a20b6eaf4f35046a429cde57bee7eb5f13d6857f	Patch
af854a3a-2127-422b-91ae-364da2661108	https://git.kernel.org/stable/c/a222d2794c53f8165de20aa91b39e35e4b72bce9	Patch

Impacted products

Vendor	Product	Version
linux	linux_kernel	*
linux	linux_kernel	5.13
linux	linux_kernel	5.13
linux	linux_kernel	5.13

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C8A1D02-81A7-44E5-ACFD-CC6A6694F930",
              "versionEndExcluding": "5.12.9",
              "versionStartIncluding": "5.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "0CBAD0FC-C281-4666-AB2F-F8E6E1165DF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "96AC23B2-D46A-49D9-8203-8E1BEDCA8532",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "DA610E30-717C-4700-9F77-A3C9244F3BFD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: core: Avoid smp_processor_id() in preemptible code\n\nThe BUG message \"BUG: using smp_processor_id() in preemptible [00000000]\ncode\" was observed for TCMU devices with kernel config DEBUG_PREEMPT.\n\nThe message was observed when blktests block/005 was run on TCMU devices\nwith fileio backend or user:zbc backend [1]. The commit 1130b499b4a7\n(\"scsi: target: tcm_loop: Use LIO wq cmd submission helper\") triggered the\nsymptom. The commit modified work queue to handle commands and changed\n\u0027current-\u003enr_cpu_allowed\u0027 at smp_processor_id() call.\n\nThe message was also observed at system shutdown when TCMU devices were not\ncleaned up [2]. The function smp_processor_id() was called in SCSI host\nwork queue for abort handling, and triggered the BUG message. This symptom\nwas observed regardless of the commit 1130b499b4a7 (\"scsi: target:\ntcm_loop: Use LIO wq cmd submission helper\").\n\nTo avoid the preemptible code check at smp_processor_id(), get CPU ID with\nraw_smp_processor_id() instead. The CPU ID is used for performance\nimprovement then thread move to other CPU will not affect the code.\n\n[1]\n\n[   56.468103] run blktests block/005 at 2021-05-12 14:16:38\n[   57.369473] check_preemption_disabled: 85 callbacks suppressed\n[   57.369480] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1511\n[   57.369506] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1510\n[   57.369512] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1506\n[   57.369552] caller is __target_init_cmd+0x157/0x170 [target_core_mod]\n[   57.369606] CPU: 4 PID: 1506 Comm: fio Not tainted 5.13.0-rc1+ #34\n[   57.369613] Hardware name: System manufacturer System Product Name/PRIME Z270-A, BIOS 1302 03/15/2018\n[   57.369617] Call Trace:\n[   57.369621] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1507\n[   57.369628]  dump_stack+0x6d/0x89\n[   57.369642]  check_preemption_disabled+0xc8/0xd0\n[   57.369628] caller is __target_init_cmd+0x157/0x170 [target_core_mod]\n[   57.369655]  __target_init_cmd+0x157/0x170 [target_core_mod]\n[   57.369695]  target_init_cmd+0x76/0x90 [target_core_mod]\n[   57.369732]  tcm_loop_queuecommand+0x109/0x210 [tcm_loop]\n[   57.369744]  scsi_queue_rq+0x38e/0xc40\n[   57.369761]  __blk_mq_try_issue_directly+0x109/0x1c0\n[   57.369779]  blk_mq_try_issue_directly+0x43/0x90\n[   57.369790]  blk_mq_submit_bio+0x4e5/0x5d0\n[   57.369812]  submit_bio_noacct+0x46e/0x4e0\n[   57.369830]  __blkdev_direct_IO_simple+0x1a3/0x2d0\n[   57.369859]  ? set_init_blocksize.isra.0+0x60/0x60\n[   57.369880]  generic_file_read_iter+0x89/0x160\n[   57.369898]  blkdev_read_iter+0x44/0x60\n[   57.369906]  new_sync_read+0x102/0x170\n[   57.369929]  vfs_read+0xd4/0x160\n[   57.369941]  __x64_sys_pread64+0x6e/0xa0\n[   57.369946]  ? lockdep_hardirqs_on+0x79/0x100\n[   57.369958]  do_syscall_64+0x3a/0x70\n[   57.369965]  entry_SYSCALL_64_after_hwframe+0x44/0xae\n[   57.369973] RIP: 0033:0x7f7ed4c1399f\n[   57.369979] Code: 08 89 3c 24 48 89 4c 24 18 e8 7d f3 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 11 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 cd f3 ff ff 48 8b\n[   57.369983] RSP: 002b:00007ffd7918c580 EFLAGS: 00000293 ORIG_RAX: 0000000000000011\n[   57.369990] RAX: ffffffffffffffda RBX: 00000000015b4540 RCX: 00007f7ed4c1399f\n[   57.369993] RDX: 0000000000001000 RSI: 00000000015de000 RDI: 0000000000000009\n[   57.369996] RBP: 00000000015b4540 R08: 0000000000000000 R09: 0000000000000001\n[   57.369999] R10: 0000000000e5c000 R11: 0000000000000293 R12: 00007f7eb5269a70\n[   57.370002] R13: 0000000000000000 R14: 0000000000001000 R15: 00000000015b4568\n[   57.370031] CPU: 7 PID: 1507 Comm: fio Not tainted 5.13.0-rc1+ #34\n[   57.370036] Hardware name: System manufacturer System Product Name/PRIME Z270-A, BIOS 1302 03/15/2018\n[   57.370039] Call Trace:\n[   57.370045]  dump_stack+0x6d/0x89\n[   57.370056]  ch\n---truncated---"
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: target: core: Evite smp_processor_id() en c\u00f3digo interrumpible Se observ\u00f3 el mensaje de ERROR \"ERROR: usar smp_processor_id() en c\u00f3digo interrumpible [00000000]\" para dispositivos TCMU con configuraci\u00f3n de kernel DEBUG_PREEMPT. El mensaje se observ\u00f3 cuando se ejecut\u00f3 blktests block/005 en dispositivos TCMU con backend fileio o usuario:zbc [1]. La confirmaci\u00f3n 1130b499b4a7 (\"scsi: target: tcm_loop: Use el asistente de env\u00edo LIO wq cmd\") desencaden\u00f3 el s\u00edntoma. La confirmaci\u00f3n modific\u00f3 la cola de trabajo para manejar comandos y cambi\u00f3 \u0027current-\u0026gt;nr_cpu_allowed\u0027 en la llamada a smp_processor_id(). El mensaje tambi\u00e9n se observ\u00f3 al apagar el sistema cuando los dispositivos TCMU no se limpiaron [2]. La funci\u00f3n smp_processor_id() fue llamada en la cola de trabajo del host SCSI para el manejo de abortos y activ\u00f3 el mensaje de ERROR. Este s\u00edntoma se observ\u00f3 independientemente de la confirmaci\u00f3n 1130b499b4a7 (\"scsi: target: tcm_loop: Use el asistente de env\u00edo LIO wq cmd\"). Para evitar la verificaci\u00f3n del c\u00f3digo interrumpible en smp_processor_id(), obtenga el ID de la CPU con raw_smp_processor_id() en su lugar. El ID de la CPU se utiliza para mejorar el rendimiento, luego el movimiento del subproceso a otra CPU no afectar\u00e1 el c\u00f3digo. [1] [56.468103] ejecute blktests block/005 el 2021-05-12 14:16:38 [57.369473] check_preemption_disabled: 85 devoluciones de llamada suprimidas [57.369480] ERROR: usar smp_processor_id() en c\u00f3digo preferente [00000000]: fio/151 1 [ 57.369506] ERROR: usar smp_processor_id() en c\u00f3digo interrumpible [00000000]: fio/1510 [57.369512] ERROR: usar smp_processor_id() en c\u00f3digo interrumpible [00000000]: fio/1506 [57.369552] la persona que llama es __target_init_cmd+0 x157/0x170 [objetivo_core_mod] [ 57.369606] CPU: 4 PID: 1506 Comm: fio Not tainted 5.13.0-rc1+ #34 [ 57.369613] Nombre del hardware: Fabricante del sistema Nombre del producto del sistema/PRIME Z270-A, BIOS 1302 15/03/2018 [ 57.369617] Seguimiento de llamadas : [57.369621] ERROR: usar smp_processor_id() en c\u00f3digo interrumpible [00000000]: fio/1507 [57.369628] dump_stack+0x6d/0x89 [57.369642] check_preemption_disabled+0xc8/0xd0 [57.369628] la persona que llama es __ target_init_cmd+0x157/0x170 [target_core_mod] [ 57.369655] __target_init_cmd+0x157/0x170 [target_core_mod] [ 57.369695] target_init_cmd+0x76/0x90 [target_core_mod] [ 57.369732] tcm_loop_queuecommand+0x109/0x210 [tcm_loop] [ 57 .369744] scsi_queue_rq+0x38e/0xc40 [ 57.369761] __blk_mq_try_issue_directly+0x109/0x1c0 [ 57.369779 ] blk_mq_try_issue_directly+0x43/0x90 [ 57.369790] blk_mq_submit_bio+0x4e5/0x5d0 [ 57.369812] submit_bio_noacct+0x46e/0x4e0 [ 57.369830] __blkdev_direct_IO_simple+0x1a3/0x2 d0 [57.369859]? set_init_blocksize.isra.0+0x60/0x60 [ 57.369880] generic_file_read_iter+0x89/0x160 [ 57.369898] blkdev_read_iter+0x44/0x60 [ 57.369906] new_sync_read+0x102/0x170 [ 57.369929 ] vfs_read+0xd4/0x160 [ 57.369941] __x64_sys_pread64+0x6e/0xa0 [ 57.369946] ? lockdep_hardirqs_on+0x79/0x100 [ 57.369958] do_syscall_64+0x3a/0x70 [ 57.369965] Entry_SYSCALL_64_after_hwframe+0x44/0xae [ 57.369973] RIP: 0033:0x7f7ed4c1399f [ 5 7.369979] C\u00f3digo: 08 89 3c 24 48 89 4c 24 18 e8 7d f3 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 11 00 00 00 0f 05 \u0026lt;48\u0026gt; 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 cd f3 ff ff 48 8b [ 57.369983] RSP: 002b:00007ffd7918c580 EFLAGS: 00000293 ORIG_RAX: 0000000000000011 [ 57.369990] RAX: fffffffffffffffda RBX: 00000000015b4540 RCX: 00 007f7ed4c1399f [ 57.369993] RDX: 0000000000001000 RSI: 00000000015de000 RDI: 000000000000000009 [ 57.369996] RBP: 00000000015b4540 R08: 000 0000000000000 R09: 0000000000000001 [ 57.369999] R10: 0000000000e5c000 R11: 0000000000000293 R12: 00007f7eb5269a70 [ 57.370002] R13: 00000000000000000 R14: 000000000000 1000 R15: 00000000015b4568 [57.370031] CPU: 7 PID: 1507 ---truncado---"
    }
  ],
  "id": "CVE-2021-47178",
  "lastModified": "2025-03-17T15:20:33.717",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-03-25T10:15:09.267",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/70ca3c57ff914113f681e657634f7fbfa68e1ad1"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/a20b6eaf4f35046a429cde57bee7eb5f13d6857f"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/a222d2794c53f8165de20aa91b39e35e4b72bce9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/70ca3c57ff914113f681e657634f7fbfa68e1ad1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/a20b6eaf4f35046a429cde57bee7eb5f13d6857f"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/a222d2794c53f8165de20aa91b39e35e4b72bce9"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-459"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2021-47178

Vulnerability from fstec - Published: 21.05.2021

Title

Уязвимость функции transport_init_se_cmd() модуля drivers/target/target_core_transport.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании.

Description

Уязвимость функции transport_init_se_cmd() модуля drivers/target/target_core_transport.c ядра операционной системы Linux связана с неправильным контролем идентификаторов ресурсов («внедрение ресурсов»). Эксплуатация уязвимости может позволить нарушителю вызвать отказ в обслуживании.

Severity ?


                    
                      AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Vendor

Сообщество свободного программного обеспечения

Software Name

Linux

Software Version

от 5.11 до 5.12.8 включительно (Linux)

Possible Mitigations

В условиях отсутствия обновлений безопасности от производителя рекомендуется придерживаться "Рекомендаций по безопасной настройке операционных систем LINUX", изложенных в методическом документе ФСТЭК России, утверждённом 25 декабря 2022 года. Использование рекомендаций: Для Linux: https://git.kernel.org/stable/c/a20b6eaf4f35046a429cde57bee7eb5f13d6857f https://git.kernel.org/stable/c/70ca3c57ff914113f681e657634f7fbfa68e1ad1 https://lore.kernel.org/linux-cve-announce/2024032538-CVE-2021-47178-6167@gregkh/ https://git.kernel.org/stable/c/a222d2794c53f8165de20aa91b39e35e4b72bce9 https://git.linuxtesting.ru/pub/scm/linux/kernel/git/lvc/linux-stable.git/commit/?h=v5.10.180-lvc4&id=a222d2794c53f8165de20aa91b39e35e4b72bce9 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.9

Reference

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47178 https://git.kernel.org/stable/c/a20b6eaf4f35046a429cde57bee7eb5f13d6857f https://git.kernel.org/stable/c/70ca3c57ff914113f681e657634f7fbfa68e1ad1 https://lore.kernel.org/linux-cve-announce/2024032538-CVE-2021-47178-6167@gregkh/ https://git.kernel.org/stable/c/a222d2794c53f8165de20aa91b39e35e4b72bce9 https://www.cve.org/CVERecord?id=CVE-2021-47178 https://git.linuxtesting.ru/pub/scm/linux/kernel/git/lvc/linux-stable.git/commit/?h=v5.10.180-lvc4&id=a222d2794c53f8165de20aa91b39e35e4b72bce9 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.9

CWE

CWE-99

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:M/C:N/I:N/A:C",
  "CVSS 3.0": "AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 5.11 \u0434\u043e 5.12.8 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0412 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043e\u0442 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043f\u0440\u0438\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0442\u044c\u0441\u044f \"\u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c LINUX\", \u0438\u0437\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0445 \u0432 \u043c\u0435\u0442\u043e\u0434\u0438\u0447\u0435\u0441\u043a\u043e\u043c \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0435 \u0424\u0421\u0422\u042d\u041a \u0420\u043e\u0441\u0441\u0438\u0438, \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0451\u043d\u043d\u043e\u043c 25 \u0434\u0435\u043a\u0430\u0431\u0440\u044f 2022 \u0433\u043e\u0434\u0430.\n\n\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\n\u0414\u043b\u044f Linux:\nhttps://git.kernel.org/stable/c/a20b6eaf4f35046a429cde57bee7eb5f13d6857f\nhttps://git.kernel.org/stable/c/70ca3c57ff914113f681e657634f7fbfa68e1ad1\nhttps://lore.kernel.org/linux-cve-announce/2024032538-CVE-2021-47178-6167@gregkh/\nhttps://git.kernel.org/stable/c/a222d2794c53f8165de20aa91b39e35e4b72bce9\nhttps://git.linuxtesting.ru/pub/scm/linux/kernel/git/lvc/linux-stable.git/commit/?h=v5.10.180-lvc4\u0026id=a222d2794c53f8165de20aa91b39e35e4b72bce9\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.9",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "21.05.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "05.11.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "05.11.2025",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-13714",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-47178",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Linux",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 5.11 \u0434\u043e 5.12.8 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 transport_init_se_cmd() \u043c\u043e\u0434\u0443\u043b\u044f drivers/target/target_core_transport.c \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438.",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0432\u0435\u0440\u043d\u043e\u0435 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u0430\u043c\u0438 \u0440\u0435\u0441\u0443\u0440\u0441\u0430 (\u0412\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430) (CWE-99)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 transport_init_se_cmd() \u043c\u043e\u0434\u0443\u043b\u044f drivers/target/target_core_transport.c \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u043c \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0435\u043c \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u043e\u0432 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432 (\u00ab\u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432\u00bb). \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438.",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47178\nhttps://git.kernel.org/stable/c/a20b6eaf4f35046a429cde57bee7eb5f13d6857f\nhttps://git.kernel.org/stable/c/70ca3c57ff914113f681e657634f7fbfa68e1ad1\nhttps://lore.kernel.org/linux-cve-announce/2024032538-CVE-2021-47178-6167@gregkh/\nhttps://git.kernel.org/stable/c/a222d2794c53f8165de20aa91b39e35e4b72bce9\nhttps://www.cve.org/CVERecord?id=CVE-2021-47178\nhttps://git.linuxtesting.ru/pub/scm/linux/kernel/git/lvc/linux-stable.git/commit/?h=v5.10.180-lvc4\u0026id=a222d2794c53f8165de20aa91b39e35e4b72bce9\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.9",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-99",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,3)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,4)"
}

GHSA-VMQF-GRH3-9RRR

Vulnerability from github – Published: 2024-03-25 12:30 – Updated: 2025-03-17 15:31

Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: target: core: Avoid smp_processor_id() in preemptible code

The BUG message "BUG: using smp_processor_id() in preemptible [00000000] code" was observed for TCMU devices with kernel config DEBUG_PREEMPT.

The message was observed when blktests block/005 was run on TCMU devices with fileio backend or user:zbc backend [1]. The commit 1130b499b4a7 ("scsi: target: tcm_loop: Use LIO wq cmd submission helper") triggered the symptom. The commit modified work queue to handle commands and changed 'current->nr_cpu_allowed' at smp_processor_id() call.

The message was also observed at system shutdown when TCMU devices were not cleaned up [2]. The function smp_processor_id() was called in SCSI host work queue for abort handling, and triggered the BUG message. This symptom was observed regardless of the commit 1130b499b4a7 ("scsi: target: tcm_loop: Use LIO wq cmd submission helper").

To avoid the preemptible code check at smp_processor_id(), get CPU ID with raw_smp_processor_id() instead. The CPU ID is used for performance improvement then thread move to other CPU will not affect the code.

[1]

[ 56.468103] run blktests block/005 at 2021-05-12 14:16:38 [ 57.369473] check_preemption_disabled: 85 callbacks suppressed [ 57.369480] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1511 [ 57.369506] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1510 [ 57.369512] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1506 [ 57.369552] caller is __target_init_cmd+0x157/0x170 [target_core_mod] [ 57.369606] CPU: 4 PID: 1506 Comm: fio Not tainted 5.13.0-rc1+ #34 [ 57.369613] Hardware name: System manufacturer System Product Name/PRIME Z270-A, BIOS 1302 03/15/2018 [ 57.369617] Call Trace: [ 57.369621] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1507 [ 57.369628] dump_stack+0x6d/0x89 [ 57.369642] check_preemption_disabled+0xc8/0xd0 [ 57.369628] caller is __target_init_cmd+0x157/0x170 [target_core_mod] [ 57.369655] __target_init_cmd+0x157/0x170 [target_core_mod] [ 57.369695] target_init_cmd+0x76/0x90 [target_core_mod] [ 57.369732] tcm_loop_queuecommand+0x109/0x210 [tcm_loop] [ 57.369744] scsi_queue_rq+0x38e/0xc40 [ 57.369761] __blk_mq_try_issue_directly+0x109/0x1c0 [ 57.369779] blk_mq_try_issue_directly+0x43/0x90 [ 57.369790] blk_mq_submit_bio+0x4e5/0x5d0 [ 57.369812] submit_bio_noacct+0x46e/0x4e0 [ 57.369830] __blkdev_direct_IO_simple+0x1a3/0x2d0 [ 57.369859] ? set_init_blocksize.isra.0+0x60/0x60 [ 57.369880] generic_file_read_iter+0x89/0x160 [ 57.369898] blkdev_read_iter+0x44/0x60 [ 57.369906] new_sync_read+0x102/0x170 [ 57.369929] vfs_read+0xd4/0x160 [ 57.369941] __x64_sys_pread64+0x6e/0xa0 [ 57.369946] ? lockdep_hardirqs_on+0x79/0x100 [ 57.369958] do_syscall_64+0x3a/0x70 [ 57.369965] entry_SYSCALL_64_after_hwframe+0x44/0xae [ 57.369973] RIP: 0033:0x7f7ed4c1399f [ 57.369979] Code: 08 89 3c 24 48 89 4c 24 18 e8 7d f3 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 11 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 cd f3 ff ff 48 8b [ 57.369983] RSP: 002b:00007ffd7918c580 EFLAGS: 00000293 ORIG_RAX: 0000000000000011 [ 57.369990] RAX: ffffffffffffffda RBX: 00000000015b4540 RCX: 00007f7ed4c1399f [ 57.369993] RDX: 0000000000001000 RSI: 00000000015de000 RDI: 0000000000000009 [ 57.369996] RBP: 00000000015b4540 R08: 0000000000000000 R09: 0000000000000001 [ 57.369999] R10: 0000000000e5c000 R11: 0000000000000293 R12: 00007f7eb5269a70 [ 57.370002] R13: 0000000000000000 R14: 0000000000001000 R15: 00000000015b4568 [ 57.370031] CPU: 7 PID: 1507 Comm: fio Not tainted 5.13.0-rc1+ #34 [ 57.370036] Hardware name: System manufacturer System Product Name/PRIME Z270-A, BIOS 1302 03/15/2018 [ 57.370039] Call Trace: [ 57.370045] dump_stack+0x6d/0x89 [ 57.370056] ch ---truncated---

Severity ?

5.5 (Medium)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-47178"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-459"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-25T10:15:09Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: core: Avoid smp_processor_id() in preemptible code\n\nThe BUG message \"BUG: using smp_processor_id() in preemptible [00000000]\ncode\" was observed for TCMU devices with kernel config DEBUG_PREEMPT.\n\nThe message was observed when blktests block/005 was run on TCMU devices\nwith fileio backend or user:zbc backend [1]. The commit 1130b499b4a7\n(\"scsi: target: tcm_loop: Use LIO wq cmd submission helper\") triggered the\nsymptom. The commit modified work queue to handle commands and changed\n\u0027current-\u003enr_cpu_allowed\u0027 at smp_processor_id() call.\n\nThe message was also observed at system shutdown when TCMU devices were not\ncleaned up [2]. The function smp_processor_id() was called in SCSI host\nwork queue for abort handling, and triggered the BUG message. This symptom\nwas observed regardless of the commit 1130b499b4a7 (\"scsi: target:\ntcm_loop: Use LIO wq cmd submission helper\").\n\nTo avoid the preemptible code check at smp_processor_id(), get CPU ID with\nraw_smp_processor_id() instead. The CPU ID is used for performance\nimprovement then thread move to other CPU will not affect the code.\n\n[1]\n\n[   56.468103] run blktests block/005 at 2021-05-12 14:16:38\n[   57.369473] check_preemption_disabled: 85 callbacks suppressed\n[   57.369480] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1511\n[   57.369506] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1510\n[   57.369512] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1506\n[   57.369552] caller is __target_init_cmd+0x157/0x170 [target_core_mod]\n[   57.369606] CPU: 4 PID: 1506 Comm: fio Not tainted 5.13.0-rc1+ #34\n[   57.369613] Hardware name: System manufacturer System Product Name/PRIME Z270-A, BIOS 1302 03/15/2018\n[   57.369617] Call Trace:\n[   57.369621] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1507\n[   57.369628]  dump_stack+0x6d/0x89\n[   57.369642]  check_preemption_disabled+0xc8/0xd0\n[   57.369628] caller is __target_init_cmd+0x157/0x170 [target_core_mod]\n[   57.369655]  __target_init_cmd+0x157/0x170 [target_core_mod]\n[   57.369695]  target_init_cmd+0x76/0x90 [target_core_mod]\n[   57.369732]  tcm_loop_queuecommand+0x109/0x210 [tcm_loop]\n[   57.369744]  scsi_queue_rq+0x38e/0xc40\n[   57.369761]  __blk_mq_try_issue_directly+0x109/0x1c0\n[   57.369779]  blk_mq_try_issue_directly+0x43/0x90\n[   57.369790]  blk_mq_submit_bio+0x4e5/0x5d0\n[   57.369812]  submit_bio_noacct+0x46e/0x4e0\n[   57.369830]  __blkdev_direct_IO_simple+0x1a3/0x2d0\n[   57.369859]  ? set_init_blocksize.isra.0+0x60/0x60\n[   57.369880]  generic_file_read_iter+0x89/0x160\n[   57.369898]  blkdev_read_iter+0x44/0x60\n[   57.369906]  new_sync_read+0x102/0x170\n[   57.369929]  vfs_read+0xd4/0x160\n[   57.369941]  __x64_sys_pread64+0x6e/0xa0\n[   57.369946]  ? lockdep_hardirqs_on+0x79/0x100\n[   57.369958]  do_syscall_64+0x3a/0x70\n[   57.369965]  entry_SYSCALL_64_after_hwframe+0x44/0xae\n[   57.369973] RIP: 0033:0x7f7ed4c1399f\n[   57.369979] Code: 08 89 3c 24 48 89 4c 24 18 e8 7d f3 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 11 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 cd f3 ff ff 48 8b\n[   57.369983] RSP: 002b:00007ffd7918c580 EFLAGS: 00000293 ORIG_RAX: 0000000000000011\n[   57.369990] RAX: ffffffffffffffda RBX: 00000000015b4540 RCX: 00007f7ed4c1399f\n[   57.369993] RDX: 0000000000001000 RSI: 00000000015de000 RDI: 0000000000000009\n[   57.369996] RBP: 00000000015b4540 R08: 0000000000000000 R09: 0000000000000001\n[   57.369999] R10: 0000000000e5c000 R11: 0000000000000293 R12: 00007f7eb5269a70\n[   57.370002] R13: 0000000000000000 R14: 0000000000001000 R15: 00000000015b4568\n[   57.370031] CPU: 7 PID: 1507 Comm: fio Not tainted 5.13.0-rc1+ #34\n[   57.370036] Hardware name: System manufacturer System Product Name/PRIME Z270-A, BIOS 1302 03/15/2018\n[   57.370039] Call Trace:\n[   57.370045]  dump_stack+0x6d/0x89\n[   57.370056]  ch\n---truncated---",
  "id": "GHSA-vmqf-grh3-9rrr",
  "modified": "2025-03-17T15:31:36Z",
  "published": "2024-03-25T12:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47178"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/70ca3c57ff914113f681e657634f7fbfa68e1ad1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a20b6eaf4f35046a429cde57bee7eb5f13d6857f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a222d2794c53f8165de20aa91b39e35e4b72bce9"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2024-AVI-0478

Vulnerability from certfr_avis - Published: 2024-06-11 - Updated: 2024-06-11

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Siemens	N/A	SINEC Traffic Analyzer versions antérieures à 1.2
Siemens	N/A	SIPLUS ET 200SP CP 1543SP-1 ISEC versions antérieures à 2.3
Siemens	N/A	SITOP UPS1600 EX 20 A Ethernet PROFINET versions antérieures à 2.5.4
Siemens	N/A	Teamcenter Visualization 14.3 versions antérieures à 14.3.0.9
Siemens	N/A	SITOP UPS1600 40 A Ethernet/ PROFINET versions antérieures à 2.5.4
Siemens	N/A	PCCX26 Ax 1703 PE, Contr, Communication Element versions antérieures à 06.05
Siemens	N/A	Tecnomatix Plant Simulation 2404 versions antérieures à 2404.0001
Siemens	N/A	TIM 1531 IRC versions antérieures à 2.4.8
Siemens	N/A	CPCX26 Central Processing/Communication versions antérieures à 06.02
Siemens	N/A	SITOP UPS1600 20 A Ethernet/ PROFINET versions antérieures à 2.5.4
Siemens	N/A	Teamcenter Visualization 2312 versions antérieures à 2312.0004
Siemens	N/A	JT2Go versions antérieures à 2312.0004
Siemens	N/A	les applications Mendix utilisant Mendix 10 versions antérieures à 10.11.0
Siemens	N/A	Tecnomatix Plant Simulation 2302 versions antérieures à 2302.0012
Siemens	N/A	SIPLUS TIM 1531 IRC versions antérieures à 2.4.8
Siemens	N/A	ETA5 Ethernet Int. 1x100TX IEC61850 Ed.2 versions antérieures à 03.27
Siemens	N/A	SITOP UPS1600 10 A Ethernet/ PROFINET versions antérieures à 2.5.4
Siemens	N/A	PowerSys versions antérieures à 3.11
Siemens	N/A	ETA4 Ethernet Interface IEC60870-5-104 versions antérieures à 10.46
Siemens	N/A	TIA Administrator versions antérieures à 3 SP2
Siemens	N/A	les applications Mendix utilisant Mendix 9 versions antérieures à 9.24.22
Siemens	N/A	ST7 ScadaConnect versions antérieures à 1.1
Siemens	N/A	SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL versions antérieures à 2.3
Siemens	N/A	Teamcenter Visualization 14.2 toutes versions, aucun correctif n'est disponible
Siemens	N/A	les produits SCALANCE, se référer au bulletin de sécurité de l'éditeur (cf. section Documentation)
Siemens	N/A	SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL versions antérieures à 2.3
Siemens	N/A	les applications Mendix utilisant Mendix 10.6 versions antérieures à 10.6.9

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens ssa-900277	2024-06-11	vendor-advisory
Bulletin de sécurité Siemens ssa-620338	2024-06-11	vendor-advisory
Bulletin de sécurité Siemens ssa-540640	2024-06-11	vendor-advisory
Bulletin de sécurité Siemens ssa-238730	2024-06-11	vendor-advisory
Bulletin de sécurité Siemens ssa-319319	2024-06-11	vendor-advisory
Bulletin de sécurité Siemens ssa-879734	2024-06-11	vendor-advisory
Bulletin de sécurité Siemens ssa-625862	2024-06-11	vendor-advisory
Bulletin de sécurité Siemens ssa-481506	2024-06-11	vendor-advisory
Bulletin de sécurité Siemens ssa-024584	2024-06-11	vendor-advisory
Bulletin de sécurité Siemens ssa-196737	2024-06-11	vendor-advisory
Bulletin de sécurité Siemens ssa-337522	2024-06-11	vendor-advisory
Bulletin de sécurité Siemens ssa-341067	2024-06-11	vendor-advisory
Bulletin de sécurité Siemens ssa-771940	2024-06-11	vendor-advisory
Bulletin de sécurité Siemens ssa-690517	2024-06-11	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SINEC Traffic Analyzer versions ant\u00e9rieures \u00e0 1.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPLUS ET 200SP CP 1543SP-1 ISEC versions ant\u00e9rieures \u00e0 2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SITOP UPS1600 EX 20 A Ethernet PROFINET versions ant\u00e9rieures \u00e0 2.5.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization 14.3 versions ant\u00e9rieures \u00e0 14.3.0.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SITOP UPS1600 40 A Ethernet/ PROFINET versions ant\u00e9rieures \u00e0 2.5.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "PCCX26 Ax 1703 PE, Contr, Communication Element versions ant\u00e9rieures \u00e0 06.05",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Tecnomatix Plant Simulation 2404 versions ant\u00e9rieures \u00e0 2404.0001",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIM 1531 IRC versions ant\u00e9rieures \u00e0 2.4.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "CPCX26 Central Processing/Communication versions ant\u00e9rieures \u00e0 06.02",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SITOP UPS1600 20 A Ethernet/ PROFINET versions ant\u00e9rieures \u00e0 2.5.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization 2312 versions ant\u00e9rieures \u00e0 2312.0004",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "JT2Go versions ant\u00e9rieures \u00e0 2312.0004",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "les applications Mendix utilisant Mendix 10 versions ant\u00e9rieures \u00e0 10.11.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Tecnomatix Plant Simulation 2302 versions ant\u00e9rieures \u00e0 2302.0012",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPLUS TIM 1531 IRC versions ant\u00e9rieures \u00e0 2.4.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "ETA5 Ethernet Int. 1x100TX IEC61850 Ed.2 versions ant\u00e9rieures \u00e0 03.27",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SITOP UPS1600 10 A Ethernet/ PROFINET versions ant\u00e9rieures \u00e0 2.5.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "PowerSys versions ant\u00e9rieures \u00e0 3.11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "ETA4 Ethernet Interface IEC60870-5-104 versions ant\u00e9rieures \u00e0 10.46",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIA Administrator versions ant\u00e9rieures \u00e0 3 SP2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "les applications Mendix utilisant Mendix 9 versions ant\u00e9rieures \u00e0 9.24.22",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "ST7 ScadaConnect versions ant\u00e9rieures \u00e0 1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL versions ant\u00e9rieures \u00e0 2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization 14.2 toutes versions, aucun correctif n\u0027est disponible",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "les produits SCALANCE, se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur (cf. section Documentation)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL versions ant\u00e9rieures \u00e0 2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "les applications Mendix utilisant Mendix 10.6 versions ant\u00e9rieures \u00e0 10.6.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2023-24895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24895"
    },
    {
      "name": "CVE-2023-49691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-49691"
    },
    {
      "name": "CVE-2024-35207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35207"
    },
    {
      "name": "CVE-2023-33135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33135"
    },
    {
      "name": "CVE-2024-33500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33500"
    },
    {
      "name": "CVE-2023-35390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35390"
    },
    {
      "name": "CVE-2023-44317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44317"
    },
    {
      "name": "CVE-2024-35210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35210"
    },
    {
      "name": "CVE-2022-4304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
    },
    {
      "name": "CVE-2023-38380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38380"
    },
    {
      "name": "CVE-2023-36794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36794"
    },
    {
      "name": "CVE-2024-36266",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36266"
    },
    {
      "name": "CVE-2023-24897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24897"
    },
    {
      "name": "CVE-2022-44792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-44792"
    },
    {
      "name": "CVE-2022-42329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42329"
    },
    {
      "name": "CVE-2024-35206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35206"
    },
    {
      "name": "CVE-2023-0215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
    },
    {
      "name": "CVE-2023-35788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35788"
    },
    {
      "name": "CVE-2023-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
    },
    {
      "name": "CVE-2023-24936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24936"
    },
    {
      "name": "CVE-2023-36792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36792"
    },
    {
      "name": "CVE-2022-3643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3643"
    },
    {
      "name": "CVE-2022-39189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39189"
    },
    {
      "name": "CVE-2022-46144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46144"
    },
    {
      "name": "CVE-2022-3435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3435"
    },
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2024-26277",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26277"
    },
    {
      "name": "CVE-2022-40225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40225"
    },
    {
      "name": "CVE-2023-0466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
    },
    {
      "name": "CVE-2023-35828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35828"
    },
    {
      "name": "CVE-2023-36049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36049"
    },
    {
      "name": "CVE-2023-0465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0465"
    },
    {
      "name": "CVE-2022-44793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-44793"
    },
    {
      "name": "CVE-2024-35211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35211"
    },
    {
      "name": "CVE-2023-33127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33127"
    },
    {
      "name": "CVE-2021-47178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47178"
    },
    {
      "name": "CVE-2022-45919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45919"
    },
    {
      "name": "CVE-2023-33170",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33170"
    },
    {
      "name": "CVE-2023-33128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33128"
    },
    {
      "name": "CVE-2023-41910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41910"
    },
    {
      "name": "CVE-2023-28484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28484"
    },
    {
      "name": "CVE-2023-28319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28319"
    },
    {
      "name": "CVE-2022-45886",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45886"
    },
    {
      "name": "CVE-2022-1015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1015"
    },
    {
      "name": "CVE-2023-27321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27321"
    },
    {
      "name": "CVE-2024-31484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-31484"
    },
    {
      "name": "CVE-2023-0464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
    },
    {
      "name": "CVE-2022-41742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41742"
    },
    {
      "name": "CVE-2022-3545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3545"
    },
    {
      "name": "CVE-2023-26552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26552"
    },
    {
      "name": "CVE-2023-29469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29469"
    },
    {
      "name": "CVE-2023-0160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0160"
    },
    {
      "name": "CVE-2024-35212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35212"
    },
    {
      "name": "CVE-2022-40303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40303"
    },
    {
      "name": "CVE-2023-21255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21255"
    },
    {
      "name": "CVE-2024-26275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26275"
    },
    {
      "name": "CVE-2023-38180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38180"
    },
    {
      "name": "CVE-2023-35824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35824"
    },
    {
      "name": "CVE-2024-35209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35209"
    },
    {
      "name": "CVE-2022-42328",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42328"
    },
    {
      "name": "CVE-2023-35823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35823"
    },
    {
      "name": "CVE-2023-38178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38178"
    },
    {
      "name": "CVE-2022-45887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45887"
    },
    {
      "name": "CVE-2024-0775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0775"
    },
    {
      "name": "CVE-2023-44319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44319"
    },
    {
      "name": "CVE-2023-32032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32032"
    },
    {
      "name": "CVE-2022-4450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
    },
    {
      "name": "CVE-2023-26554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26554"
    },
    {
      "name": "CVE-2023-2269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2269"
    },
    {
      "name": "CVE-2024-35208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35208"
    },
    {
      "name": "CVE-2024-26276",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26276"
    },
    {
      "name": "CVE-2023-1017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1017"
    },
    {
      "name": "CVE-2023-38171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38171"
    },
    {
      "name": "CVE-2023-28260",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28260"
    },
    {
      "name": "CVE-2023-50763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50763"
    },
    {
      "name": "CVE-2022-3623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3623"
    },
    {
      "name": "CVE-2022-2097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
    },
    {
      "name": "CVE-2023-29331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29331"
    },
    {
      "name": "CVE-2023-44374",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44374"
    },
    {
      "name": "CVE-2023-38533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38533"
    },
    {
      "name": "CVE-2023-35829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35829"
    },
    {
      "name": "CVE-2023-36038",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36038"
    },
    {
      "name": "CVE-2023-21808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21808"
    },
    {
      "name": "CVE-2023-36799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36799"
    },
    {
      "name": "CVE-2023-36435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36435"
    },
    {
      "name": "CVE-2023-26553",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26553"
    },
    {
      "name": "CVE-2022-40304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40304"
    },
    {
      "name": "CVE-2023-35391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35391"
    },
    {
      "name": "CVE-2023-44373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44373"
    },
    {
      "name": "CVE-2023-39615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39615"
    },
    {
      "name": "CVE-2023-36796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36796"
    },
    {
      "name": "CVE-2023-3446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
    },
    {
      "name": "CVE-2024-35303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35303"
    },
    {
      "name": "CVE-2023-5678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
    },
    {
      "name": "CVE-2024-35292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35292"
    },
    {
      "name": "CVE-2023-36558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36558"
    },
    {
      "name": "CVE-2023-2124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2124"
    },
    {
      "name": "CVE-2023-33126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33126"
    },
    {
      "name": "CVE-2023-52474",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52474"
    },
    {
      "name": "CVE-2023-44318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44318"
    },
    {
      "name": "CVE-2023-36793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36793"
    }
  ],
  "initial_release_date": "2024-06-11T00:00:00",
  "last_revision_date": "2024-06-11T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0478",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-06-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Siemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": "2024-06-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-900277",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-900277.html"
    },
    {
      "published_at": "2024-06-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-620338",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-620338.html"
    },
    {
      "published_at": "2024-06-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-540640",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-540640.html"
    },
    {
      "published_at": "2024-06-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-238730",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-238730.html"
    },
    {
      "published_at": "2024-06-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-319319",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-319319.html"
    },
    {
      "published_at": "2024-06-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-879734",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-879734.html"
    },
    {
      "published_at": "2024-06-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-625862",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-625862.html"
    },
    {
      "published_at": "2024-06-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-481506",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-481506.html"
    },
    {
      "published_at": "2024-06-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-024584",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-024584.html"
    },
    {
      "published_at": "2024-06-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-196737",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-196737.html"
    },
    {
      "published_at": "2024-06-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-337522",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-337522.html"
    },
    {
      "published_at": "2024-06-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-341067",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-341067.html"
    },
    {
      "published_at": "2024-06-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-771940",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-771940.html"
    },
    {
      "published_at": "2024-06-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-690517",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-690517.html"
    }
  ]
}

GSD-2021-47178

Vulnerability from gsd - Updated: 2024-04-03 05:03

Details

Aliases

CVE-2021-47178

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-47178"
      ],
      "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: core: Avoid smp_processor_id() in preemptible code\n\nThe BUG message \"BUG: using smp_processor_id() in preemptible [00000000]\ncode\" was observed for TCMU devices with kernel config DEBUG_PREEMPT.\n\nThe message was observed when blktests block/005 was run on TCMU devices\nwith fileio backend or user:zbc backend [1]. The commit 1130b499b4a7\n(\"scsi: target: tcm_loop: Use LIO wq cmd submission helper\") triggered the\nsymptom. The commit modified work queue to handle commands and changed\n\u0027current-\u003enr_cpu_allowed\u0027 at smp_processor_id() call.\n\nThe message was also observed at system shutdown when TCMU devices were not\ncleaned up [2]. The function smp_processor_id() was called in SCSI host\nwork queue for abort handling, and triggered the BUG message. This symptom\nwas observed regardless of the commit 1130b499b4a7 (\"scsi: target:\ntcm_loop: Use LIO wq cmd submission helper\").\n\nTo avoid the preemptible code check at smp_processor_id(), get CPU ID with\nraw_smp_processor_id() instead. The CPU ID is used for performance\nimprovement then thread move to other CPU will not affect the code.\n\n[1]\n\n[   56.468103] run blktests block/005 at 2021-05-12 14:16:38\n[   57.369473] check_preemption_disabled: 85 callbacks suppressed\n[   57.369480] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1511\n[   57.369506] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1510\n[   57.369512] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1506\n[   57.369552] caller is __target_init_cmd+0x157/0x170 [target_core_mod]\n[   57.369606] CPU: 4 PID: 1506 Comm: fio Not tainted 5.13.0-rc1+ #34\n[   57.369613] Hardware name: System manufacturer System Product Name/PRIME Z270-A, BIOS 1302 03/15/2018\n[   57.369617] Call Trace:\n[   57.369621] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1507\n[   57.369628]  dump_stack+0x6d/0x89\n[   57.369642]  check_preemption_disabled+0xc8/0xd0\n[   57.369628] caller is __target_init_cmd+0x157/0x170 [target_core_mod]\n[   57.369655]  __target_init_cmd+0x157/0x170 [target_core_mod]\n[   57.369695]  target_init_cmd+0x76/0x90 [target_core_mod]\n[   57.369732]  tcm_loop_queuecommand+0x109/0x210 [tcm_loop]\n[   57.369744]  scsi_queue_rq+0x38e/0xc40\n[   57.369761]  __blk_mq_try_issue_directly+0x109/0x1c0\n[   57.369779]  blk_mq_try_issue_directly+0x43/0x90\n[   57.369790]  blk_mq_submit_bio+0x4e5/0x5d0\n[   57.369812]  submit_bio_noacct+0x46e/0x4e0\n[   57.369830]  __blkdev_direct_IO_simple+0x1a3/0x2d0\n[   57.369859]  ? set_init_blocksize.isra.0+0x60/0x60\n[   57.369880]  generic_file_read_iter+0x89/0x160\n[   57.369898]  blkdev_read_iter+0x44/0x60\n[   57.369906]  new_sync_read+0x102/0x170\n[   57.369929]  vfs_read+0xd4/0x160\n[   57.369941]  __x64_sys_pread64+0x6e/0xa0\n[   57.369946]  ? lockdep_hardirqs_on+0x79/0x100\n[   57.369958]  do_syscall_64+0x3a/0x70\n[   57.369965]  entry_SYSCALL_64_after_hwframe+0x44/0xae\n[   57.369973] RIP: 0033:0x7f7ed4c1399f\n[   57.369979] Code: 08 89 3c 24 48 89 4c 24 18 e8 7d f3 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 11 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 cd f3 ff ff 48 8b\n[   57.369983] RSP: 002b:00007ffd7918c580 EFLAGS: 00000293 ORIG_RAX: 0000000000000011\n[   57.369990] RAX: ffffffffffffffda RBX: 00000000015b4540 RCX: 00007f7ed4c1399f\n[   57.369993] RDX: 0000000000001000 RSI: 00000000015de000 RDI: 0000000000000009\n[   57.369996] RBP: 00000000015b4540 R08: 0000000000000000 R09: 0000000000000001\n[   57.369999] R10: 0000000000e5c000 R11: 0000000000000293 R12: 00007f7eb5269a70\n[   57.370002] R13: 0000000000000000 R14: 0000000000001000 R15: 00000000015b4568\n[   57.370031] CPU: 7 PID: 1507 Comm: fio Not tainted 5.13.0-rc1+ #34\n[   57.370036] Hardware name: System manufacturer System Product Name/PRIME Z270-A, BIOS 1302 03/15/2018\n[   57.370039] Call Trace:\n[   57.370045]  dump_stack+0x6d/0x89\n[   57.370056]  ch\n---truncated---",
      "id": "GSD-2021-47178",
      "modified": "2024-04-03T05:03:55.045343Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@kernel.org",
        "ID": "CVE-2021-47178",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Linux",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "008b936bbde3",
                          "version_value": "a222d2794c53"
                        },
                        {
                          "version_affected": "\u003c",
                          "version_name": "1526d9f10c61",
                          "version_value": "a20b6eaf4f35"
                        },
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "status": "affected",
                                "version": "5.11"
                              },
                              {
                                "lessThan": "5.11",
                                "status": "unaffected",
                                "version": "0",
                                "versionType": "custom"
                              },
                              {
                                "lessThanOrEqual": "5.12.*",
                                "status": "unaffected",
                                "version": "5.12.9",
                                "versionType": "custom"
                              },
                              {
                                "lessThanOrEqual": "*",
                                "status": "unaffected",
                                "version": "5.13",
                                "versionType": "original_commit_for_fix"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Linux"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: core: Avoid smp_processor_id() in preemptible code\n\nThe BUG message \"BUG: using smp_processor_id() in preemptible [00000000]\ncode\" was observed for TCMU devices with kernel config DEBUG_PREEMPT.\n\nThe message was observed when blktests block/005 was run on TCMU devices\nwith fileio backend or user:zbc backend [1]. The commit 1130b499b4a7\n(\"scsi: target: tcm_loop: Use LIO wq cmd submission helper\") triggered the\nsymptom. The commit modified work queue to handle commands and changed\n\u0027current-\u003enr_cpu_allowed\u0027 at smp_processor_id() call.\n\nThe message was also observed at system shutdown when TCMU devices were not\ncleaned up [2]. The function smp_processor_id() was called in SCSI host\nwork queue for abort handling, and triggered the BUG message. This symptom\nwas observed regardless of the commit 1130b499b4a7 (\"scsi: target:\ntcm_loop: Use LIO wq cmd submission helper\").\n\nTo avoid the preemptible code check at smp_processor_id(), get CPU ID with\nraw_smp_processor_id() instead. The CPU ID is used for performance\nimprovement then thread move to other CPU will not affect the code.\n\n[1]\n\n[   56.468103] run blktests block/005 at 2021-05-12 14:16:38\n[   57.369473] check_preemption_disabled: 85 callbacks suppressed\n[   57.369480] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1511\n[   57.369506] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1510\n[   57.369512] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1506\n[   57.369552] caller is __target_init_cmd+0x157/0x170 [target_core_mod]\n[   57.369606] CPU: 4 PID: 1506 Comm: fio Not tainted 5.13.0-rc1+ #34\n[   57.369613] Hardware name: System manufacturer System Product Name/PRIME Z270-A, BIOS 1302 03/15/2018\n[   57.369617] Call Trace:\n[   57.369621] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1507\n[   57.369628]  dump_stack+0x6d/0x89\n[   57.369642]  check_preemption_disabled+0xc8/0xd0\n[   57.369628] caller is __target_init_cmd+0x157/0x170 [target_core_mod]\n[   57.369655]  __target_init_cmd+0x157/0x170 [target_core_mod]\n[   57.369695]  target_init_cmd+0x76/0x90 [target_core_mod]\n[   57.369732]  tcm_loop_queuecommand+0x109/0x210 [tcm_loop]\n[   57.369744]  scsi_queue_rq+0x38e/0xc40\n[   57.369761]  __blk_mq_try_issue_directly+0x109/0x1c0\n[   57.369779]  blk_mq_try_issue_directly+0x43/0x90\n[   57.369790]  blk_mq_submit_bio+0x4e5/0x5d0\n[   57.369812]  submit_bio_noacct+0x46e/0x4e0\n[   57.369830]  __blkdev_direct_IO_simple+0x1a3/0x2d0\n[   57.369859]  ? set_init_blocksize.isra.0+0x60/0x60\n[   57.369880]  generic_file_read_iter+0x89/0x160\n[   57.369898]  blkdev_read_iter+0x44/0x60\n[   57.369906]  new_sync_read+0x102/0x170\n[   57.369929]  vfs_read+0xd4/0x160\n[   57.369941]  __x64_sys_pread64+0x6e/0xa0\n[   57.369946]  ? lockdep_hardirqs_on+0x79/0x100\n[   57.369958]  do_syscall_64+0x3a/0x70\n[   57.369965]  entry_SYSCALL_64_after_hwframe+0x44/0xae\n[   57.369973] RIP: 0033:0x7f7ed4c1399f\n[   57.369979] Code: 08 89 3c 24 48 89 4c 24 18 e8 7d f3 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 11 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 cd f3 ff ff 48 8b\n[   57.369983] RSP: 002b:00007ffd7918c580 EFLAGS: 00000293 ORIG_RAX: 0000000000000011\n[   57.369990] RAX: ffffffffffffffda RBX: 00000000015b4540 RCX: 00007f7ed4c1399f\n[   57.369993] RDX: 0000000000001000 RSI: 00000000015de000 RDI: 0000000000000009\n[   57.369996] RBP: 00000000015b4540 R08: 0000000000000000 R09: 0000000000000001\n[   57.369999] R10: 0000000000e5c000 R11: 0000000000000293 R12: 00007f7eb5269a70\n[   57.370002] R13: 0000000000000000 R14: 0000000000001000 R15: 00000000015b4568\n[   57.370031] CPU: 7 PID: 1507 Comm: fio Not tainted 5.13.0-rc1+ #34\n[   57.370036] Hardware name: System manufacturer System Product Name/PRIME Z270-A, BIOS 1302 03/15/2018\n[   57.370039] Call Trace:\n[   57.370045]  dump_stack+0x6d/0x89\n[   57.370056]  ch\n---truncated---"
          }
        ]
      },
      "generator": {
        "engine": "bippy-5f0117140d9a"
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://git.kernel.org/stable/c/a222d2794c53f8165de20aa91b39e35e4b72bce9",
            "refsource": "MISC",
            "url": "https://git.kernel.org/stable/c/a222d2794c53f8165de20aa91b39e35e4b72bce9"
          },
          {
            "name": "https://git.kernel.org/stable/c/a20b6eaf4f35046a429cde57bee7eb5f13d6857f",
            "refsource": "MISC",
            "url": "https://git.kernel.org/stable/c/a20b6eaf4f35046a429cde57bee7eb5f13d6857f"
          },
          {
            "name": "https://git.kernel.org/stable/c/70ca3c57ff914113f681e657634f7fbfa68e1ad1",
            "refsource": "MISC",
            "url": "https://git.kernel.org/stable/c/70ca3c57ff914113f681e657634f7fbfa68e1ad1"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "descriptions": [
          {
            "lang": "en",
            "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: core: Avoid smp_processor_id() in preemptible code\n\nThe BUG message \"BUG: using smp_processor_id() in preemptible [00000000]\ncode\" was observed for TCMU devices with kernel config DEBUG_PREEMPT.\n\nThe message was observed when blktests block/005 was run on TCMU devices\nwith fileio backend or user:zbc backend [1]. The commit 1130b499b4a7\n(\"scsi: target: tcm_loop: Use LIO wq cmd submission helper\") triggered the\nsymptom. The commit modified work queue to handle commands and changed\n\u0027current-\u003enr_cpu_allowed\u0027 at smp_processor_id() call.\n\nThe message was also observed at system shutdown when TCMU devices were not\ncleaned up [2]. The function smp_processor_id() was called in SCSI host\nwork queue for abort handling, and triggered the BUG message. This symptom\nwas observed regardless of the commit 1130b499b4a7 (\"scsi: target:\ntcm_loop: Use LIO wq cmd submission helper\").\n\nTo avoid the preemptible code check at smp_processor_id(), get CPU ID with\nraw_smp_processor_id() instead. The CPU ID is used for performance\nimprovement then thread move to other CPU will not affect the code.\n\n[1]\n\n[   56.468103] run blktests block/005 at 2021-05-12 14:16:38\n[   57.369473] check_preemption_disabled: 85 callbacks suppressed\n[   57.369480] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1511\n[   57.369506] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1510\n[   57.369512] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1506\n[   57.369552] caller is __target_init_cmd+0x157/0x170 [target_core_mod]\n[   57.369606] CPU: 4 PID: 1506 Comm: fio Not tainted 5.13.0-rc1+ #34\n[   57.369613] Hardware name: System manufacturer System Product Name/PRIME Z270-A, BIOS 1302 03/15/2018\n[   57.369617] Call Trace:\n[   57.369621] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1507\n[   57.369628]  dump_stack+0x6d/0x89\n[   57.369642]  check_preemption_disabled+0xc8/0xd0\n[   57.369628] caller is __target_init_cmd+0x157/0x170 [target_core_mod]\n[   57.369655]  __target_init_cmd+0x157/0x170 [target_core_mod]\n[   57.369695]  target_init_cmd+0x76/0x90 [target_core_mod]\n[   57.369732]  tcm_loop_queuecommand+0x109/0x210 [tcm_loop]\n[   57.369744]  scsi_queue_rq+0x38e/0xc40\n[   57.369761]  __blk_mq_try_issue_directly+0x109/0x1c0\n[   57.369779]  blk_mq_try_issue_directly+0x43/0x90\n[   57.369790]  blk_mq_submit_bio+0x4e5/0x5d0\n[   57.369812]  submit_bio_noacct+0x46e/0x4e0\n[   57.369830]  __blkdev_direct_IO_simple+0x1a3/0x2d0\n[   57.369859]  ? set_init_blocksize.isra.0+0x60/0x60\n[   57.369880]  generic_file_read_iter+0x89/0x160\n[   57.369898]  blkdev_read_iter+0x44/0x60\n[   57.369906]  new_sync_read+0x102/0x170\n[   57.369929]  vfs_read+0xd4/0x160\n[   57.369941]  __x64_sys_pread64+0x6e/0xa0\n[   57.369946]  ? lockdep_hardirqs_on+0x79/0x100\n[   57.369958]  do_syscall_64+0x3a/0x70\n[   57.369965]  entry_SYSCALL_64_after_hwframe+0x44/0xae\n[   57.369973] RIP: 0033:0x7f7ed4c1399f\n[   57.369979] Code: 08 89 3c 24 48 89 4c 24 18 e8 7d f3 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 11 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 cd f3 ff ff 48 8b\n[   57.369983] RSP: 002b:00007ffd7918c580 EFLAGS: 00000293 ORIG_RAX: 0000000000000011\n[   57.369990] RAX: ffffffffffffffda RBX: 00000000015b4540 RCX: 00007f7ed4c1399f\n[   57.369993] RDX: 0000000000001000 RSI: 00000000015de000 RDI: 0000000000000009\n[   57.369996] RBP: 00000000015b4540 R08: 0000000000000000 R09: 0000000000000001\n[   57.369999] R10: 0000000000e5c000 R11: 0000000000000293 R12: 00007f7eb5269a70\n[   57.370002] R13: 0000000000000000 R14: 0000000000001000 R15: 00000000015b4568\n[   57.370031] CPU: 7 PID: 1507 Comm: fio Not tainted 5.13.0-rc1+ #34\n[   57.370036] Hardware name: System manufacturer System Product Name/PRIME Z270-A, BIOS 1302 03/15/2018\n[   57.370039] Call Trace:\n[   57.370045]  dump_stack+0x6d/0x89\n[   57.370056]  ch\n---truncated---"
          },
          {
            "lang": "es",
            "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: target: core: Evite smp_processor_id() en c\u00f3digo interrumpible Se observ\u00f3 el mensaje de ERROR \"ERROR: usar smp_processor_id() en c\u00f3digo interrumpible [00000000]\" para dispositivos TCMU con configuraci\u00f3n de kernel DEBUG_PREEMPT. El mensaje se observ\u00f3 cuando se ejecut\u00f3 blktests block/005 en dispositivos TCMU con backend fileio o usuario:zbc [1]. La confirmaci\u00f3n 1130b499b4a7 (\"scsi: target: tcm_loop: Use el asistente de env\u00edo LIO wq cmd\") desencaden\u00f3 el s\u00edntoma. La confirmaci\u00f3n modific\u00f3 la cola de trabajo para manejar comandos y cambi\u00f3 \u0027current-\u0026gt;nr_cpu_allowed\u0027 en la llamada a smp_processor_id(). El mensaje tambi\u00e9n se observ\u00f3 al apagar el sistema cuando los dispositivos TCMU no se limpiaron [2]. La funci\u00f3n smp_processor_id() fue llamada en la cola de trabajo del host SCSI para el manejo de abortos y activ\u00f3 el mensaje de ERROR. Este s\u00edntoma se observ\u00f3 independientemente de la confirmaci\u00f3n 1130b499b4a7 (\"scsi: target: tcm_loop: Use el asistente de env\u00edo LIO wq cmd\"). Para evitar la verificaci\u00f3n del c\u00f3digo interrumpible en smp_processor_id(), obtenga el ID de la CPU con raw_smp_processor_id() en su lugar. El ID de la CPU se utiliza para mejorar el rendimiento, luego el movimiento del subproceso a otra CPU no afectar\u00e1 el c\u00f3digo. [1] [56.468103] ejecute blktests block/005 el 2021-05-12 14:16:38 [57.369473] check_preemption_disabled: 85 devoluciones de llamada suprimidas [57.369480] ERROR: usar smp_processor_id() en c\u00f3digo preferente [00000000]: fio/151 1 [ 57.369506] ERROR: usar smp_processor_id() en c\u00f3digo interrumpible [00000000]: fio/1510 [57.369512] ERROR: usar smp_processor_id() en c\u00f3digo interrumpible [00000000]: fio/1506 [57.369552] la persona que llama es __target_init_cmd+0 x157/0x170 [objetivo_core_mod] [ 57.369606] CPU: 4 PID: 1506 Comm: fio Not tainted 5.13.0-rc1+ #34 [ 57.369613] Nombre del hardware: Fabricante del sistema Nombre del producto del sistema/PRIME Z270-A, BIOS 1302 15/03/2018 [ 57.369617] Seguimiento de llamadas : [57.369621] ERROR: usar smp_processor_id() en c\u00f3digo interrumpible [00000000]: fio/1507 [57.369628] dump_stack+0x6d/0x89 [57.369642] check_preemption_disabled+0xc8/0xd0 [57.369628] la persona que llama es __ target_init_cmd+0x157/0x170 [target_core_mod] [ 57.369655] __target_init_cmd+0x157/0x170 [target_core_mod] [ 57.369695] target_init_cmd+0x76/0x90 [target_core_mod] [ 57.369732] tcm_loop_queuecommand+0x109/0x210 [tcm_loop] [ 57 .369744] scsi_queue_rq+0x38e/0xc40 [ 57.369761] __blk_mq_try_issue_directly+0x109/0x1c0 [ 57.369779 ] blk_mq_try_issue_directly+0x43/0x90 [ 57.369790] blk_mq_submit_bio+0x4e5/0x5d0 [ 57.369812] submit_bio_noacct+0x46e/0x4e0 [ 57.369830] __blkdev_direct_IO_simple+0x1a3/0x2 d0 [57.369859]? set_init_blocksize.isra.0+0x60/0x60 [ 57.369880] generic_file_read_iter+0x89/0x160 [ 57.369898] blkdev_read_iter+0x44/0x60 [ 57.369906] new_sync_read+0x102/0x170 [ 57.369929 ] vfs_read+0xd4/0x160 [ 57.369941] __x64_sys_pread64+0x6e/0xa0 [ 57.369946] ? lockdep_hardirqs_on+0x79/0x100 [ 57.369958] do_syscall_64+0x3a/0x70 [ 57.369965] Entry_SYSCALL_64_after_hwframe+0x44/0xae [ 57.369973] RIP: 0033:0x7f7ed4c1399f [ 5 7.369979] C\u00f3digo: 08 89 3c 24 48 89 4c 24 18 e8 7d f3 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 11 00 00 00 0f 05 \u0026lt;48\u0026gt; 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 cd f3 ff ff 48 8b [ 57.369983] RSP: 002b:00007ffd7918c580 EFLAGS: 00000293 ORIG_RAX: 0000000000000011 [ 57.369990] RAX: fffffffffffffffda RBX: 00000000015b4540 RCX: 00 007f7ed4c1399f [ 57.369993] RDX: 0000000000001000 RSI: 00000000015de000 RDI: 000000000000000009 [ 57.369996] RBP: 00000000015b4540 R08: 000 0000000000000 R09: 0000000000000001 [ 57.369999] R10: 0000000000e5c000 R11: 0000000000000293 R12: 00007f7eb5269a70 [ 57.370002] R13: 00000000000000000 R14: 000000000000 1000 R15: 00000000015b4568 [57.370031] CPU: 7 PID: 1507 ---truncado---"
          }
        ],
        "id": "CVE-2021-47178",
        "lastModified": "2024-04-04T14:15:08.850",
        "metrics": {},
        "published": "2024-03-25T10:15:09.267",
        "references": [
          {
            "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "url": "https://git.kernel.org/stable/c/70ca3c57ff914113f681e657634f7fbfa68e1ad1"
          },
          {
            "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "url": "https://git.kernel.org/stable/c/a20b6eaf4f35046a429cde57bee7eb5f13d6857f"
          },
          {
            "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "url": "https://git.kernel.org/stable/c/a222d2794c53f8165de20aa91b39e35e4b72bce9"
          }
        ],
        "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "vulnStatus": "Awaiting Analysis"
      }
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-47178 (GCVE-0-2021-47178)

FKIE_CVE-2021-47178

CVE-2021-47178

GHSA-VMQF-GRH3-9RRR

CERTFR-2024-AVI-0478

Solutions

GSD-2021-47178

Tags

Sightings

Nomenclature