U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

CVE-2021-47434 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: xhci: Fix command ring pointer corruption while aborting a command The command ring pointer is located at [6:63] bits of the command ring control register (CRCR). All the control bits like command stop, abort are located at [0:3] bits. While aborting a command, we read the CRCR and set the abort bit and write to the CRCR. The read will always give command ring pointer as all zeros. So we essentially write only the control bits. Since we split the 64 bit write into two 32 bit writes, there is a possibility of xHC command ring stopped before the upper dword (all zeros) is written. If that happens, xHC updates the upper dword of its internal command ring pointer with all zeros. Next time, when the command ring is restarted, we see xHC memory access failures. Fix this issue by only writing to the lower dword of CRCR where all control bits are located.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
https://git.kernel.org/stable/c/01c2dcb67e71c351006dd17cbba86c26b7f61eaf
https://git.kernel.org/stable/c/01c2dcb67e71c351006dd17cbba86c26b7f61eaf
https://git.kernel.org/stable/c/22bcb65ea41072ab5d03c0c6290e04e0df6d09a0
https://git.kernel.org/stable/c/22bcb65ea41072ab5d03c0c6290e04e0df6d09a0
https://git.kernel.org/stable/c/62c182b5e763e5f4062e72678e72ce3e02dd4d1b
https://git.kernel.org/stable/c/62c182b5e763e5f4062e72678e72ce3e02dd4d1b
https://git.kernel.org/stable/c/dec944bb7079b37968cf69c8a438f91f15c4cc61
https://git.kernel.org/stable/c/dec944bb7079b37968cf69c8a438f91f15c4cc61
https://git.kernel.org/stable/c/e54abefe703ab7c4e5983e889babd1447738ca42
https://git.kernel.org/stable/c/e54abefe703ab7c4e5983e889babd1447738ca42
https://git.kernel.org/stable/c/ff0e50d3564f33b7f4b35cadeabd951d66cfc570
https://git.kernel.org/stable/c/ff0e50d3564f33b7f4b35cadeabd951d66cfc570

Weakness Enumeration

CWE-ID CWE Name Source

Change History

3 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2021-47434
NVD Published Date:
05/22/2024
NVD Last Modified:
11/21/2024
Source:
kernel.org