SB20240620204 - Infinite loop in Linux kernel pci hotplug driver
Published: June 20, 2024 Updated: May 13, 2025
Security Bulletin ID
SB20240620204
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Infinite loop (CVE-ID: CVE-2021-47617)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the pciehp_ist() function in drivers/pci/hotplug/pciehp_hpc.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/ff27f7d0333cff89ec85c419f431aca1b38fb16a
- https://git.kernel.org/stable/c/464da38ba827f670deac6500a1de9a4f0f44c41d
- https://git.kernel.org/stable/c/3b4c966fb156ff3e70b2526d964952ff7c1574d9
- https://git.kernel.org/stable/c/1db58c6584a72102e98af2e600ea184ddaf2b8af
- https://git.kernel.org/stable/c/6d6f1f0dac3e3441ecdb1103d4efb11b9ed24dd5
- https://git.kernel.org/stable/c/23584c1ed3e15a6f4bfab8dc5a88d94ab929ee12
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.233
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.97
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.20
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.6
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.177