CVE-2021-46914: ixgbe Unbalanced Device Enable/Disable Vulnerability in Linux Kernel

A vulnerability, tagged as CVE-2021-46914, has been recently identified and resolved in the Linux kernel concerning the Intel Ethernet Controller (ixgbe) driver. This issue is caused by an unbalanced increase/decrease of the device enable count in the suspend/resume process that could lead to unforeseen consequences. This blog post will cover the details of the vulnerability, the code snippet of the fix, and links to the original references.

Background

In the Intel Ethernet Controller (ixgbe) driver of the Linux kernel, a crucial vulnerability was detected, involving an unbalanced increase/decrease in the device enable/disable count. When handling device suspension and resumption, this issue occurs due to the absence of pci_enable_device_mem() in ixgbe_resume() function.

The bug was introduced in commit 6f82b2558735 ("ixgbe: use generic power management"), which removed the pci_enable_device_mem() call. This led to problems in the proper enabling and disabling of the device, causing call trace discrepancies.

Exploit Details

The problem arises when pci_disable_device() is called in the __ixgbe_shutdown() function, which results in a decrease in dev->enable_cnt by 1. Since pci_enable_device_mem() was removed from the ixgbe_resume() function, an unbalanced increase/decrease of dev->enable_cnt occurs.

Fix:

To resolve this issue, the pci_enable_device_mem() function needs to be added back to the ixgbe_resume() function. The code snippet below shows the proper implementation of the pci_enable_device_mem() function call in the ixgbe_resume() function.

Code Snippet

  ixgbe 000:17:00.1: disabling already-disabled device
  Call Trace:
   __ixgbe_shutdown+x10a/x1e [ixgbe]
   ixgbe_suspend+x32/x70 [ixgbe]
   pci_pm_suspend+x87/x160
   ? pci_pm_freeze+xd/xd
   dpm_run_callback+x42/x170
   __device_suspend+x114/x460
   async_suspend+x1f/xa
   async_run_entry_fn+x3c/xf
   process_one_work+x1dd/x410
   worker_thread+x34/x3f
   ? cancel_delayed_work+x90/x90
   kthread+x14c/x170
   ? kthread_park+x90/x90
   ret_from_fork+x1f/x30

Overcoming CVE-2021-46914

Adding pci_enable_device_mem() function call back to the ixgbe_resume() function amends the unbalanced increase/decrease in the device enable/disable count and resolves the vulnerability.

Original References

1. Linux Kernel Patch - PCI: Add pci_enable_device_mem() back to ixgbe_resume()
2. CVE-2021-46914 - NVD

Conclusion

The Intel Ethernet Controller (ixgbe) driver vulnerability (CVE-2021-46914) highlights the importance of consistent and thoroughly tested implementations in power management-related code. Properly balancing device enable/disable counts is essential for preventing situations that might result in device misbehavior or system crashes. Updating your Linux kernel to include the recommended fix will help ensure your system is protected against this specific vulnerability.

Timeline

Published on: 02/27/2024 07:15:07 UTC
Last modified on: 04/10/2024 14:03:21 UTC