A new vulnerability, CVE-2021-46970, was recently discovered in the Linux kernel. The vulnerability was found in the bus:mhi:pci_generic module and has since been resolved. This blog post will delve into the details surrounding the vulnerability, including code snippets, links to original references, and exploit details.

Vulnerability Details

The vulnerability affects the Linux kernel's bus:mhi:pci_generic module. The issue stems from a recent change that created a dedicated workqueue for the state-change work, using the WQ_HIGHPRI flag (for which there was no strong reason) together with WQ_MEM_RECLAIM. WQ_MEM_RECLAIM is a promise that the queue's work makes forward progress under memory pressure, which is only appropriate for work that is itself part of a memory-reclaim path and never blocks on allocations or on non-reclaim work. The state-change work (mhi_pm_st_worker) cannot honor that promise: it may wait on various memory allocations, for example when creating devices or loading firmware, and it is not part of a memory reclaim path.

This mismatch triggers a warning from check_flush_dependency() when the state-change worker flushes work queued on a non-reclaim workqueue, as the following kernel log excerpt shows:

[   40.969601] workqueue: WQ_MEM_RECLAIM mhi_hiprio_wq:mhi_pm_st_worker [mhi] is flushing !WQ_MEM_RECLAIM events_highpri:flush_backlog
[   40.969612] WARNING: CPU: 4 PID: 158 at kernel/workqueue.c:2607 check_flush_dependency+0x11c/0x140
[   40.969733] Call Trace:
[   40.969740]  __flush_work+0x97/0x1d0
[   40.969745]  ? wake_up_process+0x15/0x20
[   40.969749]  ? insert_work+0x70/0x80
[   40.969750]  ? __queue_work+0x14a/0x3e0
[   40.969753]  flush_work+0x10/0x20
[   40.969756]  rollback_registered_many+0x1c9/0x510
[   40.969759]  unregister_netdevice_queue+0x94/0x120
[   40.969761]  unregister_netdev+0x1d/0x30
[   40.969765]  mhi_net_remove+0x1a/0x40 [mhi_net]
[   40.969770]  mhi_driver_remove+0x124/0x250 [mhi]
[   40.969776]  device_release_driver_internal+0xf0/0x1d0
[   40.969778]  device_release_driver+0x12/0x20
[   40.969782]  bus_remove_device+0xe1/0x150
[   40.969786]  device_del+0x17b/0x3e0
[   40.969791]  mhi_destroy_device+0x9a/0x100 [mhi]
[   40.969796]  ? mhi_unmap_single_use_bb+0x50/0x50 [mhi]
[   40.969799]  device_for_each_child+0x5e/0xa0
[   40.969804]  mhi_pm_st_worker+0x921/0xf50 [mhi]

The Linux kernel developers resolved this vulnerability with a patch that removes the WQ_MEM_RECLAIM flag from the state workqueue, so the queue no longer claims a forward-progress guarantee it cannot keep. For more information, refer to the original patch.
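To make the rule concrete, here is a small user-space C model of the check behind check_flush_dependency(), added for this post; it is not code from the kernel or from the MHI patch. It assumes only the rule described above (work running on a WQ_MEM_RECLAIM queue may not flush a queue without WQ_MEM_RECLAIM, legacy queues excepted). The flag bit values, the struct model_wq type, and the flags given to events_highpri are this example's own choices; the two mhi_hiprio_wq definitions stand for the flag sets before and after the fix.

```c
#include <stdio.h>
#include <string.h>

/* Workqueue flags used by the model. Bit positions are chosen for this
 * example; only the rule in flush_dependency_violates() matters. */
#define WQ_MEM_RECLAIM  (1u << 3)
#define WQ_HIGHPRI      (1u << 4)
#define __WQ_LEGACY     (1u << 18)

/* Minimal stand-in for the kernel's workqueue_struct (example type). */
struct model_wq {
    const char *name;
    unsigned int flags;
};

/*
 * The rule behind check_flush_dependency(): work running on a
 * WQ_MEM_RECLAIM queue may only wait for (flush) work on another
 * WQ_MEM_RECLAIM queue. A reclaim queue has a rescuer thread that keeps
 * it moving when no new worker can be created under memory pressure; a
 * non-reclaim target has no such guarantee, so the flush may never
 * complete. Legacy queues are exempt, as in the kernel.
 * Returns 1 when the kernel would print the warning, 0 otherwise.
 */
int flush_dependency_violates(const struct model_wq *current_wq,
                              const struct model_wq *target_wq)
{
    if (target_wq->flags & WQ_MEM_RECLAIM)
        return 0;                /* target is reclaim-safe: always fine */
    if (current_wq == NULL)
        return 0;                /* flush not issued from a workqueue worker */
    return (current_wq->flags & (WQ_MEM_RECLAIM | __WQ_LEGACY)) == WQ_MEM_RECLAIM;
}

/* Builds the warning text in the kernel's format into buf.
 * Returns the message length, or -1 when no warning applies. */
int format_flush_warning(char *buf, size_t len,
                         const struct model_wq *cur, const char *cur_func,
                         const struct model_wq *tgt, const char *tgt_func)
{
    if (!flush_dependency_violates(cur, tgt))
        return -1;
    return snprintf(buf, len,
                    "workqueue: WQ_MEM_RECLAIM %s:%s is flushing !WQ_MEM_RECLAIM %s:%s",
                    cur->name, cur_func, tgt->name, tgt_func);
}

/* flush_backlog runs on the system high-priority queue, which is not a
 * reclaim queue (modelled here as WQ_HIGHPRI only). */
const struct model_wq events_highpri = { "events_highpri", WQ_HIGHPRI };

/* MHI state workqueue as created before the fix ... */
const struct model_wq mhi_wq_before = { "mhi_hiprio_wq", WQ_HIGHPRI | WQ_MEM_RECLAIM };
/* ... and after the fix, which drops WQ_MEM_RECLAIM. */
const struct model_wq mhi_wq_after  = { "mhi_hiprio_wq", WQ_HIGHPRI };

int main(void)
{
    char msg[256];

    if (format_flush_warning(msg, sizeof msg, &mhi_wq_before, "mhi_pm_st_worker",
                             &events_highpri, "flush_backlog") > 0)
        printf("before fix: %s\n", msg);
    printf("after fix: violation=%d\n",
           flush_dependency_violates(&mhi_wq_after, &events_highpri));
    return 0;
}
```

Run as-is, the "before" queue reproduces the first line of the warning quoted above (minus the timestamp and module tag), while the "after" queue produces no violation because the flag that made the promise is gone. The model also shows why dropping the flag is the right fix rather than marking the target queue reclaim-safe: the state-change worker itself blocks on allocations, so it cannot be part of a reclaim path in the first place.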

Exploit Details

Although the vulnerability has been patched, system administrators and developers should still understand the potential impact on an unpatched kernel. An attacker who can force the kernel into excessive memory allocation, and thus memory pressure, could create a denial-of-service condition: the state-change worker then blocks on allocations or on the flush shown above, and the stall leads to resource exhaustion.

Keeping your Linux kernel up to date with the most recent patches is the best way to mitigate the risk posed by this vulnerability. Additionally, monitoring kernel logs (the check_flush_dependency() warning quoted above is the telltale sign) and employing intrusion prevention systems can help detect and prevent exploitation attempts.
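For the log-monitoring side, here is a small C scanner, added for this post rather than taken from any monitoring product or from the kernel, that recognizes the check_flush_dependency() warning format quoted above and extracts the two workqueue:function pairs involved. The sample log lines embedded in it are constructed for the example (the warning line copies the format shown earlier); the struct flush_warning type and all function names are this example's own.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample of kernel log lines for this example (not captured
 * from a real system). The second line reproduces the warning format
 * quoted earlier in this post. */
static const char *const sample_log[] = {
    "[   40.900000] constructed: unrelated log line before the warning",
    "[   40.969601] workqueue: WQ_MEM_RECLAIM mhi_hiprio_wq:mhi_pm_st_worker [mhi] is flushing !WQ_MEM_RECLAIM events_highpri:flush_backlog",
    "[   40.969612] WARNING: CPU: 4 PID: 158 at kernel/workqueue.c:2607 check_flush_dependency+0x11c/0x140",
    "[   52.120003] constructed: unrelated log line after the warning",
};

struct flush_warning {
    char source[64];   /* "queue:function" doing the flush (WQ_MEM_RECLAIM side) */
    char target[64];   /* "queue:function" being flushed (!WQ_MEM_RECLAIM side) */
};

/* Copies up to n bytes of src into dst, then cuts at the first space or
 * newline so a trailing " [module]" tag (printed for module symbols) is dropped. */
static void copy_name(char *dst, size_t cap, const char *src, size_t n)
{
    if (n >= cap)
        n = cap - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    dst[strcspn(dst, " \n")] = '\0';
}

/* Returns 1 and fills *out if line is a check_flush_dependency() warning,
 * 0 for any other line. */
int parse_flush_warning(const char *line, struct flush_warning *out)
{
    static const char head[] = "workqueue: WQ_MEM_RECLAIM ";
    static const char mid[]  = " is flushing !WQ_MEM_RECLAIM ";
    const char *src = strstr(line, head);
    if (!src)
        return 0;
    src += sizeof head - 1;
    const char *sep = strstr(src, mid);
    if (!sep)
        return 0;
    copy_name(out->source, sizeof out->source, src, (size_t)(sep - src));
    const char *tgt = sep + sizeof mid - 1;
    copy_name(out->target, sizeof out->target, tgt, strlen(tgt));
    return 1;
}

/* Scans n lines; returns how many warnings were found and records the
 * first one in *first (when first is not NULL). */
int count_flush_warnings(const char *const *lines, size_t n, struct flush_warning *first)
{
    int found = 0;
    struct flush_warning w;
    for (size_t i = 0; i < n; i++) {
        if (parse_flush_warning(lines[i], &w)) {
            if (found == 0 && first)
                *first = w;
            found++;
        }
    }
    return found;
}

/* Runs the scanner over the embedded constructed sample. */
int scan_sample_log(struct flush_warning *first)
{
    return count_flush_warnings(sample_log, sizeof sample_log / sizeof sample_log[0], first);
}

int main(void)
{
    struct flush_warning w;
    int n = scan_sample_log(&w);
    if (n > 0)
        printf("%d flush-dependency warning(s); first: %s -> %s\n", n, w.source, w.target);
    else
        printf("no flush-dependency warnings\n");
    return 0;
}
```

In practice the same parse_flush_warning() would be fed lines from dmesg or the journal; the extracted source pair tells you which reclaim-flagged workqueue is making a promise it cannot keep, which is exactly the information needed to map a warning back to a driver such as the one fixed here.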

Conclusion

CVE-2021-46970 was discovered in the Linux kernel's bus:mhi:pci_generic module and has since been resolved. System administrators and developers should ensure that their systems are up to date with the latest patches to avoid potential exploitation. Monitoring logs and using intrusion prevention systems can also help mitigate the risk posed by this vulnerability.

Timeline

Published on: 02/27/2024 19:04:07 UTC
Last modified on: 02/28/2024 14:06:45 UTC