CVE-2021-47016: Linux Kernel Vulnerability Resolution - m68k: mvme147, mvme16x PCC Timer Config Bits Issue

A vulnerability has been discovered and resolved in the Linux kernel, specifically affecting the m68k architecture in the mvme147 and mvme16x platforms. The vulnerability lies in the handling of the PCC timer configuration bits, which can lead to the system hanging during initialization as the jiffies counter is not updated. This article discusses the vulnerability, its impact, and the fix provided to resolve this issue.

Vulnerability Details

The issue occurs when the timer 1 configuration bits are cleared while clearing the interrupt flag and counter overflow. This leads to no timer interrupts being delivered after the first one, causing the system to hang during initialization in the calibrate_delay function as the jiffies counter fails to update.

The vulnerability affects the m68k architecture only, specifically the mvme147 and mvme16x platforms. Systems running on these platforms are left vulnerable to this issue and can be exploited by attackers to cause a denial of service.

Exploit Details

Currently, there are no known active exploits targeting this vulnerability. However, given the potential risk, it is essential to apply the available patch to mitigate possible future attacks.

Resolution

The resolution of this vulnerability comes in the form of a patch. The patch ensures that the timer 1 configuration bits are not cleared when clearing the interrupt flag and counter overflow, thus preventing the issue leading to a system hang.

Here's the code snippet representing the patch applied to the m68k architecture

++ /* Enable timer 1 after requesting irq */ 
++ mvme16x_pcc->t1cntl.t1c_enable = 1;
   return ;

On the mvme16x platform, the patch enables the timer 1 after requesting the IRQ, bringing it in line with the behavior on the mvme147 platform.

To read more about the vulnerability (CVE-2021-47016) and the patch, visit the following links

1. Linux kernel Git commit - link
2. Kernel.org Patchwork - link
3. CVE Details - link

Conclusion

CVE-2021-47016 is a vulnerability in the Linux kernel that affects the m68k: mvme147 and mvme16x platforms. The issue lies in the handling of the PCC timer configuration bits. The provided patch resolves this vulnerability by ensuring that the timer 1 configuration bits are not cleared when clearing the interrupt flag and counter overflow. It is crucial to apply this patch on affected systems to prevent any potential attacks exploiting this vulnerability.

Timeline

Published on: 02/29/2024 23:15:07 UTC
Last modified on: 03/01/2024 14:04:26 UTC