{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2021-47268","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-05-21T13:27:52.127Z","datePublished":"2024-05-21T14:19:58.550Z","dateUpdated":"2025-05-04T07:07:34.783Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T07:07:34.783Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: tcpm: cancel vdm and state machine hrtimer when unregister tcpm port\n\nA pending hrtimer may expire after the kthread_worker of tcpm port\nis destroyed, see below kernel dump when do module unload, fix it\nby cancel the 2 hrtimers.\n\n[  111.517018] Unable to handle kernel paging request at virtual address ffff8000118cb880\n[  111.518786] blk_update_request: I/O error, dev sda, sector 60061185 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0\n[  111.526594] Mem abort info:\n[  111.526597]   ESR = 0x96000047\n[  111.526600]   EC = 0x25: DABT (current EL), IL = 32 bits\n[  111.526604]   SET = 0, FnV = 0\n[  111.526607]   EA = 0, S1PTW = 0\n[  111.526610] Data abort info:\n[  111.526612]   ISV = 0, ISS = 0x00000047\n[  111.526615]   CM = 0, WnR = 1\n[  111.526619] swapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000041d75000\n[  111.526623] [ffff8000118cb880] pgd=10000001bffff003, p4d=10000001bffff003, pud=10000001bfffe003, pmd=10000001bfffa003, pte=0000000000000000\n[  111.526642] Internal error: Oops: 96000047 [#1] PREEMPT SMP\n[  111.526647] Modules linked in: dwc3_imx8mp dwc3 phy_fsl_imx8mq_usb [last unloaded: tcpci]\n[  111.526663] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.13.0-rc4-00927-gebbe9dbd802c-dirty #36\n[  111.526670] Hardware name: NXP i.MX8MPlus EVK board (DT)\n[  111.526674] pstate: 800000c5 (Nzcv daIF -PAN -UAO -TCO BTYPE=--)\n[  111.526681] pc : queued_spin_lock_slowpath+0x1a0/0x390\n[  111.526695] lr : _raw_spin_lock_irqsave+0x88/0xb4\n[  111.526703] sp : ffff800010003e20\n[  111.526706] x29: ffff800010003e20 x28: ffff00017f380180\n[  111.537156] buffer_io_error: 6 callbacks suppressed\n[  111.537162] Buffer I/O error on dev sda1, logical block 60040704, async page read\n[  111.539932]  x27: ffff00017f3801c0\n[  111.539938] x26: ffff800010ba2490 x25: 0000000000000000 x24: 0000000000000001\n[  111.543025] blk_update_request: I/O error, dev sda, sector 60061186 op 0x0:(READ) flags 0x0 phys_seg 7 prio class 0\n[  111.548304]\n[  111.548306] x23: 00000000000000c0 x22: ffff0000c2a9f184 x21: ffff00017f380180\n[  111.551374] Buffer I/O error on dev sda1, logical block 60040705, async page read\n[  111.554499]\n[  111.554503] x20: ffff0000c5f14210 x19: 00000000000000c0 x18: 0000000000000000\n[  111.557391] Buffer I/O error on dev sda1, logical block 60040706, async page read\n[  111.561218]\n[  111.561222] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\n[  111.564205] Buffer I/O error on dev sda1, logical block 60040707, async page read\n[  111.570887] x14: 00000000000000f5 x13: 0000000000000001 x12: 0000000000000040\n[  111.570902] x11: ffff0000c05ac6d8\n[  111.583420] Buffer I/O error on dev sda1, logical block 60040708, async page read\n[  111.588978]  x10: 0000000000000000 x9 : 0000000000040000\n[  111.588988] x8 : 0000000000000000\n[  111.597173] Buffer I/O error on dev sda1, logical block 60040709, async page read\n[  111.605766]  x7 : ffff00017f384880 x6 : ffff8000118cb880\n[  111.605777] x5 : ffff00017f384880\n[  111.611094] Buffer I/O error on dev sda1, logical block 60040710, async page read\n[  111.617086]  x4 : 0000000000000000 x3 : ffff0000c2a9f184\n[  111.617096] x2 : ffff8000118cb880\n[  111.622242] Buffer I/O error on dev sda1, logical block 60040711, async page read\n[  111.626927]  x1 : ffff8000118cb880 x0 : ffff00017f384888\n[  111.626938] Call trace:\n[  111.626942]  queued_spin_lock_slowpath+0x1a0/0x390\n[  111.795809]  kthread_queue_work+0x30/0xc0\n[  111.799828]  state_machine_timer_handler+0x20/0x30\n[  111.804624]  __hrtimer_run_queues+0x140/0x1e0\n[  111.808990]  hrtimer_interrupt+0xec/0x2c0\n[  111.813004]  arch_timer_handler_phys+0x38/0x50\n[  111.817456]  handle_percpu_devid_irq+0x88/0x150\n[  111.821991]  __handle_domain_irq+0x80/0xe0\n[  111.826093]  gic_handle_irq+0xc0/0x140\n[  111.829848]  el1_irq+0xbc/0x154\n[  111.832991]  arch_cpu_idle+0x1c/0x2c\n[  111.836572]  default_idle_call+0x24/0x6c\n[  111.840497]  do_idle+0x238/0x2ac\n[  1\n---truncated---"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/usb/typec/tcpm/tcpm.c"],"versions":[{"version":"3ed8e1c2ac9914a2fcb08ec13476b85319536cea","lessThan":"18eaf0de50eadeeb395b83310b259b21ad8ed0a6","status":"affected","versionType":"git"},{"version":"3ed8e1c2ac9914a2fcb08ec13476b85319536cea","lessThan":"d0a06696a8a4d99f649240b6f9b8a2e55452ecf5","status":"affected","versionType":"git"},{"version":"3ed8e1c2ac9914a2fcb08ec13476b85319536cea","lessThan":"3a13ff7ef4349d70d1d18378d661117dd5af8efe","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/usb/typec/tcpm/tcpm.c"],"versions":[{"version":"5.10","status":"affected"},{"version":"0","lessThan":"5.10","status":"unaffected","versionType":"semver"},{"version":"5.10.44","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.12.11","lessThanOrEqual":"5.12.*","status":"unaffected","versionType":"semver"},{"version":"5.13","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10","versionEndExcluding":"5.10.44"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10","versionEndExcluding":"5.12.11"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10","versionEndExcluding":"5.13"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/18eaf0de50eadeeb395b83310b259b21ad8ed0a6"},{"url":"https://git.kernel.org/stable/c/d0a06696a8a4d99f649240b6f9b8a2e55452ecf5"},{"url":"https://git.kernel.org/stable/c/3a13ff7ef4349d70d1d18378d661117dd5af8efe"}],"title":"usb: typec: tcpm: cancel vdm and state machine hrtimer when unregister tcpm port","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-06-12T15:24:57.809869Z","id":"CVE-2021-47268","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-12T15:25:08.195Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T05:32:07.939Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/18eaf0de50eadeeb395b83310b259b21ad8ed0a6","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/d0a06696a8a4d99f649240b6f9b8a2e55452ecf5","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/3a13ff7ef4349d70d1d18378d661117dd5af8efe","tags":["x_transferred"]}]}]}}