CVE-2021-47284: isdn: mISDN: netjet: Fix crash in nj_probe:

Published May 21, 2024
·
Updated

In the Linux kernel, the following vulnerability has been resolved:

isdn: mISDN: netjet: Fix crash in njprobe

The Linux kernel CVE team has assigned CVE-2021-47284 to this issue.

Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024052154-CVE-2021-47284-c8f5@gregkh/T

Other sources

In the Linux kernel, the following vulnerability has been resolved:

isdn: mISDN: netjet: Fix crash in njprobe:

'njsetup' in netjet.c might fail with -EIO and in this case 'card->irq' is initialized and is bigger than zero. A subsequent call to 'njrelease' will free the irq that has not been requested.

Fix this bug by deleting the previous assignment to 'card->irq' and just keep the assignment before 'requestirq'.

The KASAN's log reveals it:

[ 3.354615 ] WARNING: CPU: 0 PID: 1 at kernel/irq/manage.c:1826 freeirq+0x100/0x480 [ 3.355112 ] Modules linked in: [ 3.355310 ] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.13.0-rc1-00144-g25a1298726e #13 [ 3.355816 ] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 3.356552 ] RIP: 0010:freeirq+0x100/0x480 [ 3.356820 ] Code: 6e 08 74 6f 4d 89 f4 e8 5e ac 09 00 4d 8b 74 24 18 4d 85 f6 75 e3 e8 4f ac 09 00 8b 75 c8 48 c7 c7 78 c1 2e 85 e8 e0 cf f5 ff <0f> 0b 48 8b 75 c0 4c 89 ff e8 72 33 0b 03 48 8b 43 40 4c 8b a0 80 [ 3.358012 ] RSP: 0000:ffffc90000017b48 EFLAGS: 00010082 [ 3.358357 ] RAX: 0000000000000000 RBX: ffff888104dc8000 RCX: 0000000000000000 [ 3.358814 ] RDX: ffff8881003c8000 RSI: ffffffff8124a9e6 RDI: 00000000ffffffff [ 3.359272 ] RBP: ffffc90000017b88 R08: 0000000000000000 R09: 0000000000000000 [ 3.359732 ] R10: ffffc900000179f0 R11: 0000000000001d04 R12: 0000000000000000 [ 3.360195 ] R13: ffff888107dc6000 R14: ffff888107dc6928 R15: ffff888104dc80a8 [ 3.360652 ] FS: 0000000000000000(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000 [ 3.361170 ] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 3.361538 ] CR2: 0000000000000000 CR3: 000000000582e000 CR4: 00000000000006f0 [ 3.362003 ] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 3.362175 ] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 3.362175 ] Call Trace: [ 3.362175 ] njrelease+0x51/0x1e0 [ 3.362175 ] njprobe+0x450/0x950 [ 3.362175 ] ? pcideviceremove+0x110/0x110 [ 3.362175 ] localpciprobe+0x45/0xa0 [ 3.362175 ] pcideviceprobe+0x12b/0x1d0 [ 3.362175 ] reallyprobe+0x2a9/0x610 [ 3.362175 ] driverprobedevice+0x90/0x1d0 [ 3.362175 ] ? mutexlocknested+0x1b/0x20 [ 3.362175 ] devicedriverattach+0x68/0x70 [ 3.362175 ] driverattach+0x124/0x1b0 [ 3.362175 ] ? devicedriverattach+0x70/0x70 [ 3.362175 ] busforeachdev+0xbb/0x110 [ 3.362175 ] ? rdinitsetup+0x45/0x45 [ 3.362175 ] driverattach+0x27/0x30 [ 3.362175 ] busadddriver+0x1eb/0x2a0 [ 3.362175 ] driverregister+0xa9/0x180 [ 3.362175 ] pciregisterdriver+0x82/0x90 [ 3.362175 ] ? w6692init+0x38/0x38 [ 3.362175 ] njinit+0x36/0x38 [ 3.362175 ] dooneinitcall+0x7f/0x3d0 [ 3.362175 ] ? rdinitsetup+0x45/0x45 [ 3.362175 ] ? rcureadlockschedheld+0x4f/0x80 [ 3.362175 ] kernelinitfreeable+0x2aa/0x301 [ 3.362175 ] ? restinit+0x2c0/0x2c0 [ 3.362175 ] kernelinit+0x18/0x190 [ 3.362175 ] ? restinit+0x2c0/0x2c0 [ 3.362175 ] ? restinit+0x2c0/0x2c0 [ 3.362175 ] retfromfork+0x1f/0x30 [ 3.362175 ] Kernel panic - not syncing: paniconwarn set ... [ 3.362175 ] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.13.0-rc1-00144-g25a1298726e #13 [ 3.362175 ] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 3.362175 ] Call Trace: [ 3.362175 ] dumpstack+0xba/0xf5 [ 3.362175 ] ? freeirq+0x100/0x480 [ 3.362175 ] panic+0x15a/0x3f2 [ 3.362175 ] ? warn+0xf2/0x150 [ 3.362175 ] ? freeirq+0x100/0x480 [ 3.362175 ] warn+0x108/0x150 [ 3.362175 ] ? freeirq+0x100/0x480 [ 3.362175 ] reportbug+0x119/0x1c0 [ 3.362175 ] handlebug+0x3b/0x80 [ 3.362175 ] excinvalidop+0x18/0x70 [ 3.362175 ] asmexcinvalidop+0x12/0x20 [ 3.362175 ] RIP: 0010:freeirq+0x100 ---truncated---

NVD

Affected Software

22 affected componentsFixes available
redhat/kernel<4.4.273
4.4.273
redhat/kernel<4.9.273
4.9.273
redhat/kernel<4.14.237
4.14.237
redhat/kernel<4.19.195
4.19.195
redhat/kernel<5.4.126
5.4.126
redhat/kernel<5.10.44
5.10.44
redhat/kernel<5.12.11
5.12.11
redhat/kernel<5.13
5.13
Linux Linux kernel<4.4.273
Linux Linux kernel>=4.5<4.9.273
Linux Linux kernel>=4.10<4.14.237
Linux Linux kernel>=4.15<4.19.195
Linux Linux kernel>=4.20<5.4.126
Linux Linux kernel>=5.5<5.10.44
Linux Linux kernel>=5.11<5.12.11
Linux Linux kernel=5.13-rc1
Linux Linux kernel=5.13-rc2
Linux Linux kernel=5.13-rc3
IBM Security Verify Governance<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Software Stack<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Virtual Appliance<=ISVG 10.0.2
IBM Security Verify Governance Identity Manager Container<=ISVG 10.0.2

Remediation

Patch Available

https://git.kernel.org/stable/c/143fc7220961220eecc04669e5909af8847bf8c8

Patch Available

https://git.kernel.org/stable/c/4c1fcb6ec964b44edbf84235134582a5ffae1521

Patch Available

https://git.kernel.org/stable/c/6249193e03709ea625e10706ecaf17fea0427d3d

Patch Available

https://git.kernel.org/stable/c/958cb1078ca60d214826fd90a0961a447fade59a

Patch Available

https://git.kernel.org/stable/c/9d7d4649dc1c53acf76df260fd519db698ed20d7

Patch Available

https://git.kernel.org/stable/c/9f6f852550d0e1b7735651228116ae9d300f69b3

Patch Available

https://git.kernel.org/stable/c/a0a37e4454ca1c0b424edc2c9c2487c2c46a1be6

Patch Available

https://git.kernel.org/stable/c/bf78e25bd3f487208e042c67c8a31706c2dba265

Event History

May 21, 2024
CVE Published
via MITRE·02:20 PM
Data Sourced
via MITRE·02:20 PM
Description
May 23, 2024
Data Sourced
via Red Hat·10:23 AM
DescriptionSeverityAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2021-47284?

CVE-2021-47284 has been resolved in the Linux kernel and specific severity details can be found in the provided advisories.

2

How can I fix CVE-2021-47284?

To fix CVE-2021-47284, update the Linux kernel to the specified version or newer as indicated in the remediation for affected packages.

3

Which versions of the Linux kernel are affected by CVE-2021-47284?

CVE-2021-47284 affects various versions of the Linux kernel up to and including 5.13.

4

Is CVE-2021-47284 related to any specific products?

Yes, CVE-2021-47284 may impact certain IBM Security Verify Governance products that rely on vulnerable kernel versions.

5

What type of vulnerability is CVE-2021-47284?

CVE-2021-47284 is a kernel vulnerability related to the mISDN subsystem in the Linux operating system.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203