{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2021-47349","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-05-21T14:28:16.983Z","datePublished":"2024-05-21T14:35:54.314Z","dateUpdated":"2025-05-04T07:09:08.342Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T07:09:08.342Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmwifiex: bring down link before deleting interface\n\nWe can deadlock when rmmod'ing the driver or going through firmware\nreset, because the cfg80211_unregister_wdev() has to bring down the link\nfor us, ... which then grab the same wiphy lock.\n\nnl80211_del_interface() already handles a very similar case, with a nice\ndescription:\n\n /*\n * We hold RTNL, so this is safe, without RTNL opencount cannot\n * reach 0, and thus the rdev cannot be deleted.\n *\n * We need to do it for the dev_close(), since that will call\n * the netdev notifiers, and we need to acquire the mutex there\n * but don't know if we get there from here or from some other\n * place (e.g. \"ip link set ... down\").\n */\n mutex_unlock(&rdev->wiphy.mtx);\n...\n\nDo similarly for mwifiex teardown, by ensuring we bring the link down\nfirst.\n\nSample deadlock trace:\n\n[ 247.103516] INFO: task rmmod:2119 blocked for more than 123 seconds.\n[ 247.110630] Not tainted 5.12.4 #5\n[ 247.115796] \"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[ 247.124557] task:rmmod state:D stack: 0 pid: 2119 ppid: 2114 flags:0x00400208\n[ 247.133905] Call trace:\n[ 247.136644] __switch_to+0x130/0x170\n[ 247.140643] __schedule+0x714/0xa0c\n[ 247.144548] schedule_preempt_disabled+0x88/0xf4\n[ 247.149714] __mutex_lock_common+0x43c/0x750\n[ 247.154496] mutex_lock_nested+0x5c/0x68\n[ 247.158884] cfg80211_netdev_notifier_call+0x280/0x4e0 [cfg80211]\n[ 247.165769] raw_notifier_call_chain+0x4c/0x78\n[ 247.170742] call_netdevice_notifiers_info+0x68/0xa4\n[ 247.176305] __dev_close_many+0x7c/0x138\n[ 247.180693] dev_close_many+0x7c/0x10c\n[ 247.184893] unregister_netdevice_many+0xfc/0x654\n[ 247.190158] unregister_netdevice_queue+0xb4/0xe0\n[ 247.195424] _cfg80211_unregister_wdev+0xa4/0x204 [cfg80211]\n[ 247.201816] cfg80211_unregister_wdev+0x20/0x2c [cfg80211]\n[ 247.208016] mwifiex_del_virtual_intf+0xc8/0x188 [mwifiex]\n[ 247.214174] mwifiex_uninit_sw+0x158/0x1b0 [mwifiex]\n[ 247.219747] mwifiex_remove_card+0x38/0xa0 [mwifiex]\n[ 247.225316] mwifiex_pcie_remove+0xd0/0xe0 [mwifiex_pcie]\n[ 247.231451] pci_device_remove+0x50/0xe0\n[ 247.235849] device_release_driver_internal+0x110/0x1b0\n[ 247.241701] driver_detach+0x5c/0x9c\n[ 247.245704] bus_remove_driver+0x84/0xb8\n[ 247.250095] driver_unregister+0x3c/0x60\n[ 247.254486] pci_unregister_driver+0x2c/0x90\n[ 247.259267] cleanup_module+0x18/0xcdc [mwifiex_pcie]"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/wireless/marvell/mwifiex/main.c"],"versions":[{"version":"a05829a7222e9d10c416dd2dbbf3929fe6646b89","lessThan":"a3041d39d3c14da97fa3476835aba043ba810cf0","status":"affected","versionType":"git"},{"version":"a05829a7222e9d10c416dd2dbbf3929fe6646b89","lessThan":"35af69c7c0490fdccfc159c6a87e4d1dc070838a","status":"affected","versionType":"git"},{"version":"a05829a7222e9d10c416dd2dbbf3929fe6646b89","lessThan":"1f9482aa8d412b4ba06ce6ab8e333fb8ca29a06e","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/wireless/marvell/mwifiex/main.c"],"versions":[{"version":"5.12","status":"affected"},{"version":"0","lessThan":"5.12","status":"unaffected","versionType":"semver"},{"version":"5.12.18","lessThanOrEqual":"5.12.*","status":"unaffected","versionType":"semver"},{"version":"5.13.3","lessThanOrEqual":"5.13.*","status":"unaffected","versionType":"semver"},{"version":"5.14","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.12","versionEndExcluding":"5.12.18"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.12","versionEndExcluding":"5.13.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.12","versionEndExcluding":"5.14"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/a3041d39d3c14da97fa3476835aba043ba810cf0"},{"url":"https://git.kernel.org/stable/c/35af69c7c0490fdccfc159c6a87e4d1dc070838a"},{"url":"https://git.kernel.org/stable/c/1f9482aa8d412b4ba06ce6ab8e333fb8ca29a06e"}],"title":"mwifiex: bring down link before deleting interface","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T05:32:08.509Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/a3041d39d3c14da97fa3476835aba043ba810cf0","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/35af69c7c0490fdccfc159c6a87e4d1dc070838a","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/1f9482aa8d412b4ba06ce6ab8e333fb8ca29a06e","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2021-47349","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-09-10T15:38:43.542695Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-11T17:32:57.818Z"}}]}}