A recent Linux kernel vulnerability, CVE-2021-47005, has been discovered and resolved in the PCI endpoint subsystem. It involves the get_features op of pci_epc_ops and can cause a NULL pointer dereference in the pci_epf_test_alloc_space function. In this post, we explore the details of the vulnerability and the patch that fixes it.

Original References

- kernel.org: PCI: endpoint: Fix NULL pointer dereference for ->get_features()

Exploit Details

The get_features op of pci_epc_ops might return NULL, which leads to a NULL pointer dereference in the pci_epf_test_alloc_space function. To avoid this, the pci_epc_feature pointer must be checked in the pci_epf_test_bind function before it is accessed, returning -ENOTSUPP when no pci_epc_feature is found.

Here's the code snippet of the fix:

/* Bail out of bind before the feature pointer can be dereferenced. */
if (!epc->ops->get_features) {
    dev_err(dev, "EPC device %s does not support this feature\n", epc->dev.parent->init_name);
    return -ENOTSUPP;
}
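As an added illustration (not the kernel's code and not the patch itself), the following user-space C model shows the pattern the fix relies on: a feature-query op that a platform driver may leave NULL, a wrapper that returns NULL in that case, and a bind routine that checks the returned pointer before the allocation step dereferences it. The names epc_get_features, epf_test_alloc_space and epf_test_bind are simplified stand-ins for the kernel functions discussed above, and the two "platform drivers" at the end are constructed for the demonstration.

```c
#include <stddef.h>
#include <stdio.h>

#define ENOTSUPP 524  /* kernel-internal errno value returned by the fix */

/* Constructed user-space stand-ins for the kernel structs (not kernel code). */
struct epc_features { size_t align; };  /* alignment required for BAR buffers */
struct epc;
struct epc_ops {
    /* Optional op: a platform driver that lacks it leaves this NULL. */
    const struct epc_features *(*get_features)(struct epc *epc, int func_no);
};
struct epc { const char *name; const struct epc_ops *ops; };

/* Modelled on pci_epc_get_features(): returns NULL when the op is absent. */
static const struct epc_features *epc_get_features(struct epc *epc, int func_no)
{
    if (!epc->ops->get_features)
        return NULL;
    return epc->ops->get_features(epc, func_no);
}

/* Stand-in for pci_epf_test_alloc_space(): dereferences the feature pointer. */
static size_t epf_test_alloc_space(const struct epc_features *f, size_t want)
{
    size_t align = f->align ? f->align : 1;  /* a NULL f would fault here */
    return (want + align - 1) / align * align;
}

/* Bind with the check in place: reject before alloc_space() can dereference. */
int epf_test_bind(struct epc *epc, int func_no, size_t *reserved)
{
    const struct epc_features *f = epc_get_features(epc, func_no);
    if (!f) {
        fprintf(stderr, "EPC device %s does not support this feature\n", epc->name);
        return -ENOTSUPP;
    }
    *reserved = epf_test_alloc_space(f, 100);
    return 0;
}

/* Two constructed platform drivers: one implements get_features, one does not. */
static const struct epc_features demo_features = { .align = 4096 };
static const struct epc_features *demo_get_features(struct epc *e, int fn) { (void)e; (void)fn; return &demo_features; }
static const struct epc_ops ops_with = { .get_features = demo_get_features };
static const struct epc_ops ops_without = { .get_features = NULL };
struct epc epc_with = { "epc-with-features", &ops_with };
struct epc epc_without = { "epc-no-features", &ops_without };
```

Binding against the driver without the op returns -ENOTSUPP and never reaches the allocation step, which is the behaviour the patch restores; the driver with the op binds normally.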

Without the patch applied, and with EPC features not implemented in the platform driver, the following dump is observed due to the kernel NULL pointer dereference:

Call trace:
 pci_epf_test_bind+0xf4/0x388
 pci_epf_bind+0x3c/0x80
 pci_epc_epf_link+0xa8/0xcc
 configfs_symlink+0x1a4/0x48c
 vfs_symlink+0x104/0x184
 do_symlinkat+0x80/0xd4
 __arm64_sys_symlinkat+0x1c/0x24
 el0_svc_common.constprop.3+0xb8/0x170
 el0_svc_handler+0x70/0x88
 el0_svc+0x8/0x640
Code: d2800581 b9403ab9 f9404ebb 8b394f60 (f940040)
---[ end trace a438e3c5a24f9df ]---

To protect your Linux kernel from this vulnerability, it's essential to update to the latest stable version that incorporates the necessary patch. You can find the patch on the official kernel.org repository:

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=a80de4e55da76a684c26e23acfd3d13def4389d

In conclusion, CVE-2021-47005 is a NULL pointer dereference vulnerability in the Linux kernel's PCI endpoint subsystem that can crash the kernel. It has been resolved by adding a check for the pci_epc_feature pointer in the pci_epf_test_bind function. Update your kernel to the latest stable version containing the required patch to safeguard your system from this vulnerability.

Timeline

Published on: 02/28/2024 09:15:38 UTC
Last modified on: 02/28/2024 14:06:45 UTC