2293241 – (CVE-2021-47587) CVE-2021-47587 kernel: net: systemport: Add global locking for descriptor lifecycle

Bug 2293241 (CVE-2021-47587) - CVE-2021-47587 kernel: net: systemport: Add global locking for descriptor lifecycle

Summary: CVE-2021-47587 kernel: net: systemport: Add global locking for descriptor lif...

Keywords:
Status:	NEW
Alias:	CVE-2021-47587
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	2293209
TreeView+	depends on / blocked

Reported:	2024-06-20 10:52 UTC by Avinash Hanwate
Modified:	2024-09-20 08:48 UTC (History)
CC List:	5 users (show)
Fixed In Version:	kernel 4.4.296, kernel 4.9.294, kernel 4.14.259, kernel 4.19.222, kernel 5.4.168, kernel 5.10.88, kernel 5.15.11, kernel 5.16
Doc Type:	If docs needed, set a value
Doc Text:	A vulnerability was found in the Linux kernel in the bcmsysport.c driver and is caused by unsynchronized access to the shared descriptor list, which without proper locking, can corrupt the descriptors if there is concurrent access. This vulnerability can lead to packet transmission issues such as incorrect checksums and network instability.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Avinash Hanwate 2024-06-20 10:52:16 UTC

In the Linux kernel, the following vulnerability has been resolved:

net: systemport: Add global locking for descriptor lifecycle

The Linux kernel CVE team has assigned CVE-2021-47587 to this issue.

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024061918-CVE-2021-47587-9146@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.