{"id":"CVE-2021-47302","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nigc: Fix use-after-free error during reset\n\nCleans the next descriptor to watch (next_to_watch) when cleaning the\nTX ring.\n\nFailure to do so can cause invalid memory accesses. If igc_poll() runs\nwhile the controller is being reset this can lead to the driver try to\nfree a skb that was already freed.\n\nLog message:\n\n [  101.525242] refcount_t: underflow; use-after-free.\n [  101.525251] WARNING: CPU: 1 PID: 646 at lib/refcount.c:28 refcount_warn_saturate+0xab/0xf0\n [  101.525259] Modules linked in: sch_etf(E) sch_mqprio(E) rfkill(E) intel_rapl_msr(E) intel_rapl_common(E)\n x86_pkg_temp_thermal(E) intel_powerclamp(E) coretemp(E) binfmt_misc(E) kvm_intel(E) kvm(E) irqbypass(E) crc32_pclmul(E)\n ghash_clmulni_intel(E) aesni_intel(E) mei_wdt(E) libaes(E) crypto_simd(E) cryptd(E) glue_helper(E) snd_hda_codec_hdmi(E)\n rapl(E) intel_cstate(E) snd_hda_intel(E) snd_intel_dspcfg(E) sg(E) soundwire_intel(E) intel_uncore(E) at24(E)\n soundwire_generic_allocation(E) iTCO_wdt(E) soundwire_cadence(E) intel_pmc_bxt(E) serio_raw(E) snd_hda_codec(E)\n iTCO_vendor_support(E) watchdog(E) snd_hda_core(E) snd_hwdep(E) snd_soc_core(E) snd_compress(E) snd_pcsp(E)\n soundwire_bus(E) snd_pcm(E) evdev(E) snd_timer(E) mei_me(E) snd(E) soundcore(E) mei(E) configfs(E) ip_tables(E) x_tables(E)\n autofs4(E) ext4(E) crc32c_generic(E) crc16(E) mbcache(E) jbd2(E) sd_mod(E) t10_pi(E) crc_t10dif(E) crct10dif_generic(E)\n i915(E) ahci(E) libahci(E) ehci_pci(E) igb(E) xhci_pci(E) ehci_hcd(E)\n [  101.525303]  drm_kms_helper(E) dca(E) xhci_hcd(E) libata(E) crct10dif_pclmul(E) cec(E) crct10dif_common(E) tsn(E) igc(E)\n e1000e(E) ptp(E) i2c_i801(E) crc32c_intel(E) psmouse(E) i2c_algo_bit(E) i2c_smbus(E) scsi_mod(E) lpc_ich(E) pps_core(E)\n usbcore(E) drm(E) button(E) video(E)\n [  101.525318] CPU: 1 PID: 646 Comm: irq/37-enp7s0-T Tainted: G            E     5.10.30-rt37-tsn1-rt-ipipe #ipipe\n [  101.525320] Hardware name: SIEMENS AG SIMATIC IPC427D/A5E31233588, BIOS V17.02.09 03/31/2017\n [  101.525322] RIP: 0010:refcount_warn_saturate+0xab/0xf0\n [  101.525325] Code: 05 31 48 44 01 01 e8 f0 c6 42 00 0f 0b c3 80 3d 1f 48 44 01 00 75 90 48 c7 c7 78 a8 f3 a6 c6 05 0f 48\n 44 01 01 e8 d1 c6 42 00 \u003c0f\u003e 0b c3 80 3d fe 47 44 01 00 0f 85 6d ff ff ff 48 c7 c7 d0 a8 f3\n [  101.525327] RSP: 0018:ffffbdedc0917cb8 EFLAGS: 00010286\n [  101.525329] RAX: 0000000000000000 RBX: ffff98fd6becbf40 RCX: 0000000000000001\n [  101.525330] RDX: 0000000000000001 RSI: ffffffffa6f2700c RDI: 00000000ffffffff\n [  101.525332] RBP: ffff98fd6becc14c R08: ffffffffa7463d00 R09: ffffbdedc0917c50\n [  101.525333] R10: ffffffffa74c3578 R11: 0000000000000034 R12: 00000000ffffff00\n [  101.525335] R13: ffff98fd6b0b1000 R14: 0000000000000039 R15: ffff98fd6be35c40\n [  101.525337] FS:  0000000000000000(0000) GS:ffff98fd6e240000(0000) knlGS:0000000000000000\n [  101.525339] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [  101.525341] CR2: 00007f34135a3a70 CR3: 0000000150210003 CR4: 00000000001706e0\n [  101.525343] Call Trace:\n [  101.525346]  sock_wfree+0x9c/0xa0\n [  101.525353]  unix_destruct_scm+0x7b/0xa0\n [  101.525358]  skb_release_head_state+0x40/0x90\n [  101.525362]  skb_release_all+0xe/0x30\n [  101.525364]  napi_consume_skb+0x57/0x160\n [  101.525367]  igc_poll+0xb7/0xc80 [igc]\n [  101.525376]  ? sched_clock+0x5/0x10\n [  101.525381]  ? sched_clock_cpu+0xe/0x100\n [  101.525385]  net_rx_action+0x14c/0x410\n [  101.525388]  __do_softirq+0xe9/0x2f4\n [  101.525391]  __local_bh_enable_ip+0xe3/0x110\n [  101.525395]  ? irq_finalize_oneshot.part.47+0xe0/0xe0\n [  101.525398]  irq_forced_thread_fn+0x6a/0x80\n [  101.525401]  irq_thread+0xe8/0x180\n [  101.525403]  ? wake_threads_waitq+0x30/0x30\n [  101.525406]  ? irq_thread_check_affinity+0xd0/0xd0\n [  101.525408]  kthread+0x183/0x1a0\n [  101.525412]  ? kthread_park+0x80/0x80\n [  101.525415]  ret_from_fork+0x22/0x30","modified":"2026-03-13T05:20:41.963032Z","published":"2024-05-21T15:15:17.960Z","related":["SUSE-SU-2024:1979-1","SUSE-SU-2024:1983-1","SUSE-SU-2024:2010-1","SUSE-SU-2024:2183-1","SUSE-SU-2024:2184-1","SUSE-SU-2024:2185-1"],"references":[{"type":"FIX","url":"https://git.kernel.org/stable/c/ea5e36b7367ea0a36ef73a163768f16d2977bd83"},{"type":"FIX","url":"https://git.kernel.org/stable/c/56ea7ed103b46970e171eb1c95916f393d64eeff"},{"type":"FIX","url":"https://git.kernel.org/stable/c/a9508e0edfe369ac95d0825bcdca976436ce780f"},{"type":"FIX","url":"https://git.kernel.org/stable/c/e15f629036bac005fc758b4ad17896cf2312add4"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"4.20"},{"fixed":"5.4.136"}]},{"events":[{"introduced":"5.5"},{"fixed":"5.10.54"}]},{"events":[{"introduced":"5.11"},{"fixed":"5.13.6"}]},{"events":[{"introduced":"0"},{"last_affected":"5.14-rc1"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-47302.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}