{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2021-47400","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-05-21T14:58:30.816Z","datePublished":"2024-05-21T15:03:55.368Z","dateUpdated":"2025-05-04T07:10:11.180Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T07:10:11.180Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: do not allow call hns3_nic_net_open repeatedly\n\nhns3_nic_net_open() is not allowed to called repeatly, but there\nis no checking for this. When doing device reset and setup tc\nconcurrently, there is a small oppotunity to call hns3_nic_net_open\nrepeatedly, and cause kernel bug by calling napi_enable twice.\n\nThe calltrace information is like below:\n[ 3078.222780] ------------[ cut here ]------------\n[ 3078.230255] kernel BUG at net/core/dev.c:6991!\n[ 3078.236224] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP\n[ 3078.243431] Modules linked in: hns3 hclgevf hclge hnae3 vfio_iommu_type1 vfio_pci vfio_virqfd vfio pv680_mii(O)\n[ 3078.258880] CPU: 0 PID: 295 Comm: kworker/u8:5 Tainted: G           O      5.14.0-rc4+ #1\n[ 3078.269102] Hardware name:  , BIOS KpxxxFPGA 1P B600 V181 08/12/2021\n[ 3078.276801] Workqueue: hclge hclge_service_task [hclge]\n[ 3078.288774] pstate: 60400009 (nZCv daif +PAN -UAO -TCO BTYPE=--)\n[ 3078.296168] pc : napi_enable+0x80/0x84\ntc qdisc sho[w  3d0e7v8 .e3t0h218 79] lr : hns3_nic_net_open+0x138/0x510 [hns3]\n\n[ 3078.314771] sp : ffff8000108abb20\n[ 3078.319099] x29: ffff8000108abb20 x28: 0000000000000000 x27: ffff0820a8490300\n[ 3078.329121] x26: 0000000000000001 x25: ffff08209cfc6200 x24: 0000000000000000\n[ 3078.339044] x23: ffff0820a8490300 x22: ffff08209cd76000 x21: ffff0820abfe3880\n[ 3078.349018] x20: 0000000000000000 x19: ffff08209cd76900 x18: 0000000000000000\n[ 3078.358620] x17: 0000000000000000 x16: ffffc816e1727a50 x15: 0000ffff8f4ff930\n[ 3078.368895] x14: 0000000000000000 x13: 0000000000000000 x12: 0000259e9dbeb6b4\n[ 3078.377987] x11: 0096a8f7e764eb40 x10: 634615ad28d3eab5 x9 : ffffc816ad8885b8\n[ 3078.387091] x8 : ffff08209cfc6fb8 x7 : ffff0820ac0da058 x6 : ffff0820a8490344\n[ 3078.396356] x5 : 0000000000000140 x4 : 0000000000000003 x3 : ffff08209cd76938\n[ 3078.405365] x2 : 0000000000000000 x1 : 0000000000000010 x0 : ffff0820abfe38a0\n[ 3078.414657] Call trace:\n[ 3078.418517]  napi_enable+0x80/0x84\n[ 3078.424626]  hns3_reset_notify_up_enet+0x78/0xd0 [hns3]\n[ 3078.433469]  hns3_reset_notify+0x64/0x80 [hns3]\n[ 3078.441430]  hclge_notify_client+0x68/0xb0 [hclge]\n[ 3078.450511]  hclge_reset_rebuild+0x524/0x884 [hclge]\n[ 3078.458879]  hclge_reset_service_task+0x3c4/0x680 [hclge]\n[ 3078.467470]  hclge_service_task+0xb0/0xb54 [hclge]\n[ 3078.475675]  process_one_work+0x1dc/0x48c\n[ 3078.481888]  worker_thread+0x15c/0x464\n[ 3078.487104]  kthread+0x160/0x170\n[ 3078.492479]  ret_from_fork+0x10/0x18\n[ 3078.498785] Code: c8027c81 35ffffa2 d50323bf d65f03c0 (d4210000)\n[ 3078.506889] ---[ end trace 8ebe0340a1b0fb44 ]---\n\nOnce hns3_nic_net_open() is excute success, the flag\nHNS3_NIC_STATE_DOWN will be cleared. So add checking for this\nflag, directly return when HNS3_NIC_STATE_DOWN is no set."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ethernet/hisilicon/hns3/hns3_enet.c"],"versions":[{"version":"e888402789b9db5de4fcda361331d66dbf0cd9fd","lessThan":"5a31d4e73ada8022427b69b10fd1f01a6a8d4b3d","status":"affected","versionType":"git"},{"version":"e888402789b9db5de4fcda361331d66dbf0cd9fd","lessThan":"f8ba689cb69523144d10606096ef686002dd7285","status":"affected","versionType":"git"},{"version":"e888402789b9db5de4fcda361331d66dbf0cd9fd","lessThan":"3dac38bdce7932901b9f0b71c62331852c809e61","status":"affected","versionType":"git"},{"version":"e888402789b9db5de4fcda361331d66dbf0cd9fd","lessThan":"5b09e88e1bf7fe86540fab4b5f3eece8abead39e","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ethernet/hisilicon/hns3/hns3_enet.c"],"versions":[{"version":"5.0","status":"affected"},{"version":"0","lessThan":"5.0","status":"unaffected","versionType":"semver"},{"version":"5.4.151","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.71","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.14.10","lessThanOrEqual":"5.14.*","status":"unaffected","versionType":"semver"},{"version":"5.15","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0","versionEndExcluding":"5.4.151"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0","versionEndExcluding":"5.10.71"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0","versionEndExcluding":"5.14.10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0","versionEndExcluding":"5.15"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/5a31d4e73ada8022427b69b10fd1f01a6a8d4b3d"},{"url":"https://git.kernel.org/stable/c/f8ba689cb69523144d10606096ef686002dd7285"},{"url":"https://git.kernel.org/stable/c/3dac38bdce7932901b9f0b71c62331852c809e61"},{"url":"https://git.kernel.org/stable/c/5b09e88e1bf7fe86540fab4b5f3eece8abead39e"}],"title":"net: hns3: do not allow call hns3_nic_net_open repeatedly","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-noinfo Not enough information"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":4,"attackVector":"LOCAL","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"LOW","privilegesRequired":"NONE","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"timestamp":"2024-05-28T18:26:38.689847Z","id":"CVE-2021-47400","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-11-01T17:45:26.295Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T05:39:59.446Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/5a31d4e73ada8022427b69b10fd1f01a6a8d4b3d","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/f8ba689cb69523144d10606096ef686002dd7285","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/3dac38bdce7932901b9f0b71c62331852c809e61","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/5b09e88e1bf7fe86540fab4b5f3eece8abead39e","tags":["x_transferred"]}]}]}}