{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T02:41:05.930","vulnerabilities":[{"cve":{"id":"CVE-2021-47302","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2024-05-21T15:15:17.960","lastModified":"2024-12-26T20:44:51.377","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nigc: Fix use-after-free error during reset\n\nCleans the next descriptor to watch (next_to_watch) when cleaning the\nTX ring.\n\nFailure to do so can cause invalid memory accesses. If igc_poll() runs\nwhile the controller is being reset this can lead to the driver try to\nfree a skb that was already freed.\n\nLog message:\n\n [  101.525242] refcount_t: underflow; use-after-free.\n [  101.525251] WARNING: CPU: 1 PID: 646 at lib/refcount.c:28 refcount_warn_saturate+0xab/0xf0\n [  101.525259] Modules linked in: sch_etf(E) sch_mqprio(E) rfkill(E) intel_rapl_msr(E) intel_rapl_common(E)\n x86_pkg_temp_thermal(E) intel_powerclamp(E) coretemp(E) binfmt_misc(E) kvm_intel(E) kvm(E) irqbypass(E) crc32_pclmul(E)\n ghash_clmulni_intel(E) aesni_intel(E) mei_wdt(E) libaes(E) crypto_simd(E) cryptd(E) glue_helper(E) snd_hda_codec_hdmi(E)\n rapl(E) intel_cstate(E) snd_hda_intel(E) snd_intel_dspcfg(E) sg(E) soundwire_intel(E) intel_uncore(E) at24(E)\n soundwire_generic_allocation(E) iTCO_wdt(E) soundwire_cadence(E) intel_pmc_bxt(E) serio_raw(E) snd_hda_codec(E)\n iTCO_vendor_support(E) watchdog(E) snd_hda_core(E) snd_hwdep(E) snd_soc_core(E) snd_compress(E) snd_pcsp(E)\n soundwire_bus(E) snd_pcm(E) evdev(E) snd_timer(E) mei_me(E) snd(E) soundcore(E) mei(E) configfs(E) ip_tables(E) x_tables(E)\n autofs4(E) ext4(E) crc32c_generic(E) crc16(E) mbcache(E) jbd2(E) sd_mod(E) t10_pi(E) crc_t10dif(E) crct10dif_generic(E)\n i915(E) ahci(E) libahci(E) ehci_pci(E) igb(E) xhci_pci(E) ehci_hcd(E)\n [  101.525303]  drm_kms_helper(E) dca(E) xhci_hcd(E) libata(E) crct10dif_pclmul(E) cec(E) crct10dif_common(E) tsn(E) igc(E)\n e1000e(E) ptp(E) i2c_i801(E) crc32c_intel(E) psmouse(E) i2c_algo_bit(E) i2c_smbus(E) scsi_mod(E) lpc_ich(E) pps_core(E)\n usbcore(E) drm(E) button(E) video(E)\n [  101.525318] CPU: 1 PID: 646 Comm: irq/37-enp7s0-T Tainted: G            E     5.10.30-rt37-tsn1-rt-ipipe #ipipe\n [  101.525320] Hardware name: SIEMENS AG SIMATIC IPC427D/A5E31233588, BIOS V17.02.09 03/31/2017\n [  101.525322] RIP: 0010:refcount_warn_saturate+0xab/0xf0\n [  101.525325] Code: 05 31 48 44 01 01 e8 f0 c6 42 00 0f 0b c3 80 3d 1f 48 44 01 00 75 90 48 c7 c7 78 a8 f3 a6 c6 05 0f 48\n 44 01 01 e8 d1 c6 42 00 <0f> 0b c3 80 3d fe 47 44 01 00 0f 85 6d ff ff ff 48 c7 c7 d0 a8 f3\n [  101.525327] RSP: 0018:ffffbdedc0917cb8 EFLAGS: 00010286\n [  101.525329] RAX: 0000000000000000 RBX: ffff98fd6becbf40 RCX: 0000000000000001\n [  101.525330] RDX: 0000000000000001 RSI: ffffffffa6f2700c RDI: 00000000ffffffff\n [  101.525332] RBP: ffff98fd6becc14c R08: ffffffffa7463d00 R09: ffffbdedc0917c50\n [  101.525333] R10: ffffffffa74c3578 R11: 0000000000000034 R12: 00000000ffffff00\n [  101.525335] R13: ffff98fd6b0b1000 R14: 0000000000000039 R15: ffff98fd6be35c40\n [  101.525337] FS:  0000000000000000(0000) GS:ffff98fd6e240000(0000) knlGS:0000000000000000\n [  101.525339] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [  101.525341] CR2: 00007f34135a3a70 CR3: 0000000150210003 CR4: 00000000001706e0\n [  101.525343] Call Trace:\n [  101.525346]  sock_wfree+0x9c/0xa0\n [  101.525353]  unix_destruct_scm+0x7b/0xa0\n [  101.525358]  skb_release_head_state+0x40/0x90\n [  101.525362]  skb_release_all+0xe/0x30\n [  101.525364]  napi_consume_skb+0x57/0x160\n [  101.525367]  igc_poll+0xb7/0xc80 [igc]\n [  101.525376]  ? sched_clock+0x5/0x10\n [  101.525381]  ? sched_clock_cpu+0xe/0x100\n [  101.525385]  net_rx_action+0x14c/0x410\n [  101.525388]  __do_softirq+0xe9/0x2f4\n [  101.525391]  __local_bh_enable_ip+0xe3/0x110\n [  101.525395]  ? irq_finalize_oneshot.part.47+0xe0/0xe0\n [  101.525398]  irq_forced_thread_fn+0x6a/0x80\n [  101.525401]  irq_thread+0xe8/0x180\n [  101.525403]  ? wake_threads_waitq+0x30/0x30\n [  101.525406]  ? irq_thread_check_affinity+0xd0/0xd0\n [  101.525408]  kthread+0x183/0x1a0\n [  101.525412]  ? kthread_park+0x80/0x80\n [  101.525415]  ret_from_fork+0x22/0x30"},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: igc: corrige el error de use after free durante el reinicio. Limpia el siguiente descriptor a observar (next_to_watch) al limpiar el anillo TX. De lo contrario, se pueden producir accesos a la memoria no válidos. Si igc_poll() se ejecuta mientras se reinicia el controlador, esto puede hacer que el controlador intente liberar un skb que ya estaba liberado. Mensaje de registro: [101.525242] refcount_t: desbordamiento insuficiente; use after free. [101.525251] ADVERTENCIA: CPU: 1 PID: 646 AT LIB/REFCOUNT.C: 28 RefCount_warn_saturate+0xab/0xf0 [101.525259] Módulos vinculados en: Sch_etf (E) Sch_Mqprio (E) RFKILL (E) INTEL_RAPL_MSR (E) INTER ) x86_pkg_temp_thermal(E) intel_powerclamp(E) coretemp(E) binfmt_misc(E) kvm_intel(E) kvm(E) irqbypass(E) crc32_pclmul(E) ghash_clmulni_intel(E) aesni_intel(E) mei_wdt(E) libaes(E) crypto_simd (E) cryptd(E) pegamento_helper(E) snd_hda_codec_hdmi(E) rapl(E) intel_cstate(E) snd_hda_intel(E) snd_intel_dspcfg(E) sg(E) soundwire_intel(E) intel_uncore(E) at24(E) soundwire_generic_allocation(E) ) iTCO_wdt(E) soundwire_cadence(E) intel_pmc_bxt(E) serio_raw(E) snd_hda_codec(E) iTCO_vendor_support(E) watchdog(E) snd_hda_core(E) snd_hwdep(E) snd_soc_core(E) snd_compress(E) snd_pcsp(E) soundwire_bus (E) snd_pcm(E) evdev(E) snd_timer(E) mei_me(E) snd(E) soundcore(E) mei(E) configfs(E) ip_tables(E) x_tables(E) autofs4(E) text4(E ) crc32c_generic(E) crc16(E) mbcache(E) jbd2(E) sd_mod(E) t10_pi(E) crc_t10dif(E) crct10dif_generic(E) i915(E) ahci(E) libahci(E) ehci_pci(E) igb (E) xhci_pci(E) ehci_hcd(E) [ 101.525303] drm_kms_helper(E) dca(E) xhci_hcd(E) libata(E) crct10dif_pclmul(E) cec(E) crct10dif_common(E) tsn(E) igc(E) e1000e(E) ptp(E) i2c_i801(E) crc32c_intel(E) psmouse(E) i2c_algo_bit(E) i2c_smbus(E) scsi_mod(E) lpc_ich(E) pps_core(E) usbcore(E) drm(E) button( E) video(E) [ 101.525318] CPU: 1 PID: 646 Comm: irq/37-enp7s0-T Contaminado: GE 5.10.30-rt37-tsn1-rt-ipipe #ipipe [ 101.525320] Nombre de hardware: SIEMENS AG SIMATIC IPC427D /A5E31233588, BIOS V17.02.09 31/03/2017 [ 101.525322] RIP: 0010:refcount_warn_saturate+0xab/0xf0 [ 101.525325] Código: 05 31 48 44 01 01 e8 f0 c6 42 00 0b c3 80 3d 1f 48 44 01 00 75 90 48 c7 c7 78 a8 f3 a6 c6 05 0f 48 44 01 01 e8 d1 c6 42 00 &lt;0f&gt; 0b c3 80 3d fe 47 44 01 00 0f 85 6d ff ff 48 c7 c7 d0 a8 f3 [ 101.525327] RSP: 0018:ffffbdedc0917cb8 EFLAGS: 00010286 [ 101.525329] RAX: 0000000000000000 RBX: ffff98fd6becbf40 RCX: 0000000000000001 [ 101.525330] RDX: 000000000001 RSI: ffffffffa6f2700c RDI: 00000000ffffffff [ 101.525332] RBP: ffff98fd6becc14c R08: ffffffffa7463d00 R09: ffffbdedc0917c50 [ 101.525333] fffffa74c3578 R11: 0000000000000034 R12: 00000000ffffff00 [ 101.525335] R13: ffff98fd6b0b1000 R14: 00000000000000039 R15: ffff98fd6be35c40 [ 101.525337] FS: 0000000000000000(0000) GS:ffff98fd6e240000(0000) knlGS:0000000000000000 [ 101.525339] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 101.525341] CR2: 00007f34135a3a70 CR3: 0000000150210003 CR4: 00000000001706e0 [ 101.525343] Seguimiento de llamadas: [ 101.525346] sock_wfree+0x9c/0xa0 [ 101.52 5353] unix_destruct_scm+0x7b/0xa0 [ 101.525358] skb_release_head_state+0x40/0x90 [ 101.525362] skb_release_all+0xe/0x30 [ 101.525364] napi_consume_skb+0x57/0x160 [ 101.525367] igc_poll+0xb7/0xc80 [igc] [ 101.525376] ? sched_clock+0x5/0x10 [101.525381]? sched_clock_cpu+0xe/0x100 [ 101.525385] net_rx_action+0x14c/0x410 [ 101.525388] __do_softirq+0xe9/0x2f4 [ 101.525391] __local_bh_enable_ip+0xe3/0x110 [ 5395] ? irq_finalize_oneshot.part.47+0xe0/0xe0 [ 101.525398] irq_forced_thread_fn+0x6a/0x80 [ 101.525401] irq_thread+0xe8/0x180 [ 101.525403] ? wake_threads_waitq+0x30/0x30 [101.525406]? irq_thread_check_affinity+0xd0/0xd0 [ 101.525408] kthread+0x183/0x1a0 [ 101.525412] ? kthread_park+0x80/0x80 [ 101.525415] ret_from_fork+0x22/0x30"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20","versionEndExcluding":"5.4.136","matchCriteriaId":"E1FCD98C-8886-4844-B7AF-C42731DF9465"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"5.10.54","matchCriteriaId":"1BD5A2EE-859F-40FC-BDAC-167AAE37C870"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.13.6","matchCriteriaId":"512C22FC-1524-4E6F-9E62-4F4B7B6E0576"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.14:rc1:*:*:*:*:*:*","matchCriteriaId":"71268287-21A8-4488-AA4F-23C473153131"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/56ea7ed103b46970e171eb1c95916f393d64eeff","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a9508e0edfe369ac95d0825bcdca976436ce780f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e15f629036bac005fc758b4ad17896cf2312add4","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ea5e36b7367ea0a36ef73a163768f16d2977bd83","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/56ea7ed103b46970e171eb1c95916f393d64eeff","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a9508e0edfe369ac95d0825bcdca976436ce780f","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e15f629036bac005fc758b4ad17896cf2312add4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ea5e36b7367ea0a36ef73a163768f16d2977bd83","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]}]}}]}