{
   "containers": {
      "cna": {
         "providerMetadata": {
            "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
         },
         "descriptions": [
            {
               "lang": "en",
               "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_pipapo_avx2: Add irq_fpu_usable() check, fallback to non-AVX2 version\n\nArturo reported this backtrace:\n\n[709732.358791] WARNING: CPU: 3 PID: 456 at arch/x86/kernel/fpu/core.c:128 kernel_fpu_begin_mask+0xae/0xe0\n[709732.358793] Modules linked in: binfmt_misc nft_nat nft_chain_nat nf_nat nft_counter nft_ct nf_tables nf_conntrack_netlink nfnetlink 8021q garp stp mrp llc vrf intel_rapl_msr intel_rapl_common skx_edac nfit libnvdimm ipmi_ssif x86_pkg_temp_thermal intel_powerclamp coretemp crc32_pclmul mgag200 ghash_clmulni_intel drm_kms_helper cec aesni_intel drm libaes crypto_simd cryptd glue_helper mei_me dell_smbios iTCO_wdt evdev intel_pmc_bxt iTCO_vendor_support dcdbas pcspkr rapl dell_wmi_descriptor wmi_bmof sg i2c_algo_bit watchdog mei acpi_ipmi ipmi_si button nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ipmi_devintf ipmi_msghandler ip_tables x_tables autofs4 ext4 crc16 mbcache jbd2 dm_mod raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor sd_mod t10_pi crc_t10dif crct10dif_generic raid6_pq libcrc32c crc32c_generic raid1 raid0 multipath linear md_mod ahci libahci tg3 libata xhci_pci libphy xhci_hcd ptp usbcore crct10dif_pclmul crct10dif_common bnxt_en crc32c_intel scsi_mod\n[709732.358941]  pps_core i2c_i801 lpc_ich i2c_smbus wmi usb_common\n[709732.358957] CPU: 3 PID: 456 Comm: jbd2/dm-0-8 Not tainted 5.10.0-0.bpo.5-amd64 #1 Debian 5.10.24-1~bpo10+1\n[709732.358959] Hardware name: Dell Inc. PowerEdge R440/04JN2K, BIOS 2.9.3 09/23/2020\n[709732.358964] RIP: 0010:kernel_fpu_begin_mask+0xae/0xe0\n[709732.358969] Code: ae 54 24 04 83 e3 01 75 38 48 8b 44 24 08 65 48 33 04 25 28 00 00 00 75 33 48 83 c4 10 5b c3 65 8a 05 5e 21 5e 76 84 c0 74 92 <0f> 0b eb 8e f0 80 4f 01 40 48 81 c7 00 14 00 00 e8 dd fb ff ff eb\n[709732.358972] RSP: 0018:ffffbb9700304740 EFLAGS: 00010202\n[709732.358976] RAX: 0000000000000001 RBX: 0000000000000003 RCX: 0000000000000001\n[709732.358979] RDX: ffffbb9700304970 RSI: ffff922fe1952e00 RDI: 0000000000000003\n[709732.358981] RBP: ffffbb9700304970 R08: ffff922fc868a600 R09: ffff922fc711e462\n[709732.358984] R10: 000000000000005f R11: ffff922ff0b27180 R12: ffffbb9700304960\n[709732.358987] R13: ffffbb9700304b08 R14: ffff922fc664b6c8 R15: ffff922fc664b660\n[709732.358990] FS:  0000000000000000(0000) GS:ffff92371fec0000(0000) knlGS:0000000000000000\n[709732.358993] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[709732.358996] CR2: 0000557a6655bdd0 CR3: 000000026020a001 CR4: 00000000007706e0\n[709732.358999] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[709732.359001] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[709732.359003] PKRU: 55555554\n[709732.359005] Call Trace:\n[709732.359009]  <IRQ>\n[709732.359035]  nft_pipapo_avx2_lookup+0x4c/0x1cba [nf_tables]\n[709732.359046]  ? sched_clock+0x5/0x10\n[709732.359054]  ? sched_clock_cpu+0xc/0xb0\n[709732.359061]  ? record_times+0x16/0x80\n[709732.359068]  ? plist_add+0xc1/0x100\n[709732.359073]  ? psi_group_change+0x47/0x230\n[709732.359079]  ? skb_clone+0x4d/0xb0\n[709732.359085]  ? enqueue_task_rt+0x22b/0x310\n[709732.359098]  ? bnxt_start_xmit+0x1e8/0xaf0 [bnxt_en]\n[709732.359102]  ? packet_rcv+0x40/0x4a0\n[709732.359121]  nft_lookup_eval+0x59/0x160 [nf_tables]\n[709732.359133]  nft_do_chain+0x350/0x500 [nf_tables]\n[709732.359152]  ? nft_lookup_eval+0x59/0x160 [nf_tables]\n[709732.359163]  ? nft_do_chain+0x364/0x500 [nf_tables]\n[709732.359172]  ? fib4_rule_action+0x6d/0x80\n[709732.359178]  ? fib_rules_lookup+0x107/0x250\n[709732.359184]  nft_nat_do_chain+0x8a/0xf2 [nft_chain_nat]\n[709732.359193]  nf_nat_inet_fn+0xea/0x210 [nf_nat]\n[709732.359202]  nf_nat_ipv4_out+0x14/0xa0 [nf_nat]\n[709732.359207]  nf_hook_slow+0x44/0xc0\n[709732.359214]  ip_output+0xd2/0x100\n[709732.359221]  ? __ip_finish_output+0x210/0x210\n[709732.359226]  ip_forward+0x37d/0x4a0\n[709732.359232]  ? ip4_key_hashfn+0xb0/0xb0\n[709732.359238]  ip_subli\n---truncated---"
            }
         ],
         "affected": [
            {
               "product": "Linux",
               "vendor": "Linux",
               "defaultStatus": "unaffected",
               "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
               "programFiles": [
                  "net/netfilter/nft_set_pipapo.c",
                  "net/netfilter/nft_set_pipapo.h",
                  "net/netfilter/nft_set_pipapo_avx2.c"
               ],
               "versions": [
                  {
                     "version": "7400b063969b",
                     "lessThan": "b1f45a26bd32",
                     "status": "affected",
                     "versionType": "git"
                  },
                  {
                     "version": "7400b063969b",
                     "lessThan": "727a2b4fc951",
                     "status": "affected",
                     "versionType": "git"
                  },
                  {
                     "version": "7400b063969b",
                     "lessThan": "f0b3d338064e",
                     "status": "affected",
                     "versionType": "git"
                  }
               ]
            },
            {
               "product": "Linux",
               "vendor": "Linux",
               "defaultStatus": "affected",
               "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
               "programFiles": [
                  "net/netfilter/nft_set_pipapo.c",
                  "net/netfilter/nft_set_pipapo.h",
                  "net/netfilter/nft_set_pipapo_avx2.c"
               ],
               "versions": [
                  {
                     "version": "5.7",
                     "status": "affected"
                  },
                  {
                     "version": "0",
                     "lessThan": "5.7",
                     "status": "unaffected",
                     "versionType": "custom"
                  },
                  {
                     "version": "5.10.42",
                     "lessThanOrEqual": "5.10.*",
                     "status": "unaffected",
                     "versionType": "custom"
                  },
                  {
                     "version": "5.12.9",
                     "lessThanOrEqual": "5.12.*",
                     "status": "unaffected",
                     "versionType": "custom"
                  },
                  {
                     "version": "5.13",
                     "lessThanOrEqual": "*",
                     "status": "unaffected",
                     "versionType": "original_commit_for_fix"
                  }
               ]
            }
         ],
         "references": [
            {
               "url": "https://git.kernel.org/stable/c/b1f45a26bd322525c14edd9504f6d46dfad679a4"
            },
            {
               "url": "https://git.kernel.org/stable/c/727a2b4fc951ee69847d4904d98961856ea9fbe6"
            },
            {
               "url": "https://git.kernel.org/stable/c/f0b3d338064e1fe7531f0d2977e35f3b334abfb4"
            }
         ],
         "title": "netfilter: nft_set_pipapo_avx2: Add irq_fpu_usable() check, fallback to non-AVX2 version",
         "x_generator": {
            "engine": "bippy-a5840b7849dd"
         }
      }
   },
   "cveMetadata": {
      "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
      "cveID": "CVE-2021-47174",
      "requesterUserId": "gregkh@kernel.org",
      "serial": "1",
      "state": "PUBLISHED"
   },
   "dataType": "CVE_RECORD",
   "dataVersion": "5.0"
}