{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2021-46970","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-02-27T18:42:55.943Z","datePublished":"2024-02-27T18:47:06.071Z","dateUpdated":"2025-05-04T07:01:24.788Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T07:01:24.788Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbus: mhi: pci_generic: Remove WQ_MEM_RECLAIM flag from state workqueue\n\nA recent change created a dedicated workqueue for the state-change work\nwith WQ_HIGHPRI (no strong reason for that) and WQ_MEM_RECLAIM flags,\nbut the state-change work (mhi_pm_st_worker) does not guarantee forward\nprogress under memory pressure, and will even wait on various memory\nallocations when e.g. creating devices, loading firmware, etc... The\nwork is then not part of a memory reclaim path...\n\nMoreover, this causes a warning in check_flush_dependency() since we end\nup in code that flushes a non-reclaim workqueue:\n\n[   40.969601] workqueue: WQ_MEM_RECLAIM mhi_hiprio_wq:mhi_pm_st_worker [mhi] is flushing !WQ_MEM_RECLAIM events_highpri:flush_backlog\n[   40.969612] WARNING: CPU: 4 PID: 158 at kernel/workqueue.c:2607 check_flush_dependency+0x11c/0x140\n[   40.969733] Call Trace:\n[   40.969740]  __flush_work+0x97/0x1d0\n[   40.969745]  ? wake_up_process+0x15/0x20\n[   40.969749]  ? insert_work+0x70/0x80\n[   40.969750]  ? __queue_work+0x14a/0x3e0\n[   40.969753]  flush_work+0x10/0x20\n[   40.969756]  rollback_registered_many+0x1c9/0x510\n[   40.969759]  unregister_netdevice_queue+0x94/0x120\n[   40.969761]  unregister_netdev+0x1d/0x30\n[   40.969765]  mhi_net_remove+0x1a/0x40 [mhi_net]\n[   40.969770]  mhi_driver_remove+0x124/0x250 [mhi]\n[   40.969776]  device_release_driver_internal+0xf0/0x1d0\n[   40.969778]  device_release_driver+0x12/0x20\n[   40.969782]  bus_remove_device+0xe1/0x150\n[   40.969786]  device_del+0x17b/0x3e0\n[   40.969791]  mhi_destroy_device+0x9a/0x100 [mhi]\n[   40.969796]  ? mhi_unmap_single_use_bb+0x50/0x50 [mhi]\n[   40.969799]  device_for_each_child+0x5e/0xa0\n[   40.969804]  mhi_pm_st_worker+0x921/0xf50 [mhi]"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/bus/mhi/core/init.c"],"versions":[{"version":"8f70397876872789b2a5deba804eb6216fb5deb7","lessThan":"abd1510c08a13c88d24b622a83c82e87ff1d3135","status":"affected","versionType":"git"},{"version":"8f70397876872789b2a5deba804eb6216fb5deb7","lessThan":"ed541cff35cbdb695f0c98ef506dd7218883fc07","status":"affected","versionType":"git"},{"version":"8f70397876872789b2a5deba804eb6216fb5deb7","lessThan":"0fccbf0a3b690b162f53b13ed8bc442ea33437dc","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/bus/mhi/core/init.c"],"versions":[{"version":"5.11","status":"affected"},{"version":"0","lessThan":"5.11","status":"unaffected","versionType":"semver"},{"version":"5.11.20","lessThanOrEqual":"5.11.*","status":"unaffected","versionType":"semver"},{"version":"5.12.3","lessThanOrEqual":"5.12.*","status":"unaffected","versionType":"semver"},{"version":"5.13","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.11.20"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.12.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.13"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/abd1510c08a13c88d24b622a83c82e87ff1d3135"},{"url":"https://git.kernel.org/stable/c/ed541cff35cbdb695f0c98ef506dd7218883fc07"},{"url":"https://git.kernel.org/stable/c/0fccbf0a3b690b162f53b13ed8bc442ea33437dc"}],"title":"bus: mhi: pci_generic: Remove WQ_MEM_RECLAIM flag from state workqueue","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CISA ADP Vulnrichment","metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2021-46970","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-03-05T22:31:16.861503Z"}}}],"providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-04T17:13:05.954Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T05:17:42.997Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/abd1510c08a13c88d24b622a83c82e87ff1d3135","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/ed541cff35cbdb695f0c98ef506dd7218883fc07","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/0fccbf0a3b690b162f53b13ed8bc442ea33437dc","tags":["x_transferred"]}]}]}}