A recently patched vulnerability (CVE-2021-47027) in the Linux kernel involves the mt76 module, specifically the mt7921 component. The kernel may crash if the firmware is missing or fails to download, causing a serious problem for users running devices with this chipset.
Here's a snippet of the kernel log when the crash occurs:
[ 9.444758] kernel BUG at drivers/pci/msi.c:375!
[ 9.449363] Internal error: Oops - BUG: [#1] PREEMPT SMP
...
[ 9.697385] Kernel panic - not syncing: Fatal exception
[ 9.702599] SMP: stopping secondary CPUs
This vulnerability was patched in a recent commit to the Linux kernel source code:
1. mt76: mt7921: fix kernel crash when the firmware fails to download
Exploit Details
The issue appears when the system is unable to download or find the necessary firmware for the mt76 mt7921 driver, which triggers a kernel crash. Specifically, the kernel crashes while freeing MSI (Message Signaled Interrupts) vectors during the PCI (Peripheral Component Interconnect) driver probe process.
This can lead to device crashes and hangs, which may render a system unusable or significantly degrade its performance.
The patch ensures that the PCI driver frees the MSI interrupts only when they are actually allocated.
These changes prevent the kernel from encountering the crash condition where the firmware is missing or fails to download during driver initialization.
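To check collected boot logs for this crash, the added example below (not code from the kernel or from the original page) correlates the `drivers/pci/msi.c` BUG shown above with any firmware load failure and panic close to it in the same boot. The function name `triage`, the 5-second window, and the first sample line (a constructed firmware-failure message with a placeholder device name and firmware path) are assumptions made for the example.

```python
import re

LINE_RE = re.compile(r"^\[\s*(\d+\.\d+)\]\s+(.*)$")   # "[ 9.444758] message"
# The line number after msi.c varies by kernel version, so match any.
BUG_RE = re.compile(r"kernel BUG at (drivers/pci/msi\.c:\d+)!")
FW_RE = re.compile(r"Direct firmware load for (\S+) failed with error -?\d+")
PANIC_RE = re.compile(r"Kernel panic - not syncing")

def triage(lines, window=5.0):
    """Return one finding per msi.c BUG, with firmware failures and a panic
    seen within `window` seconds of it in the same boot."""
    findings, fw_failures, current, last_ts = [], [], None, 0.0
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # elided "..." or untimestamped lines
        ts, msg = float(m.group(1)), m.group(2)
        if ts < last_ts:                  # timestamps restart: a new boot
            fw_failures, current = [], None
        last_ts = ts
        if fw := FW_RE.search(msg):
            fw_failures.append((ts, fw.group(1)))
        elif bug := BUG_RE.search(msg):
            current = {
                "location": bug.group(1),
                "bug_at": ts,
                "firmware_failures": [n for t, n in fw_failures if ts - t <= window],
                "panicked": False,
            }
            findings.append(current)
        elif PANIC_RE.search(msg) and current and ts - current["bug_at"] <= window:
            current["panicked"] = True
    return findings

# Lines 2-6 are the log from this page; line 1 is constructed for the example
# and its device name and firmware path are placeholders.
SAMPLE = """\
[ 9.401234] example-wifi 0000:01:00.0: Direct firmware load for mediatek/EXAMPLE_FIRMWARE.bin failed with error -2
[ 9.444758] kernel BUG at drivers/pci/msi.c:375!
[ 9.449363] Internal error: Oops - BUG: [#1] PREEMPT SMP
...
[ 9.697385] Kernel panic - not syncing: Fatal exception
[ 9.702599] SMP: stopping secondary CPUs
""".splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f)
```

A finding with an empty `firmware_failures` list still marks the BUG location, so logs that were truncated before the crash remain worth a manual look.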
Conclusion
CVE-2021-47027 is a notable vulnerability in the Linux kernel mt76 module, specifically the mt7921 component. Users running devices with this chipset must ensure they have updated their kernel to avoid any potential crashes caused by missing or failed firmware downloads. Regular kernel updates and vigilance can keep users protected from such vulnerabilities.
Timeline
Published on: 02/28/2024 09:15:39 UTC
Last modified on: 01/10/2025 18:24:08 UTC