CVE-2021-47127: 
Linux Kernel vulnerability analysis and mitigation

In the Linux kernel, a vulnerability was discovered in the ice driver's AFXDP (Address Family XDP) functionality. The issue was introduced by commit c7a219048e45 which silently introduced a regression and broke the Tx side of AFXDP in copy mode. The vulnerability was assigned CVE-2021-47127 and affects Linux kernel versions from 5.12 up to (excluding) 5.12.10, as well as release candidates 5.13-rc1 through 5.13-rc4 (NVD).

The vulnerability occurs because xskpool on icering is set only based on the existence of the XDP prog on the VSI, which incorrectly triggers icecleantxirqzc execution. This behavior should not happen for copy mode as it should use the regular data path icecleantx_irq. The issue manifests as a NULL pointer dereference when xdpsock is run in txonly or l2fwd scenarios in copy mode. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

When exploited, this vulnerability results in a kernel NULL pointer dereference, which can lead to a system crash or denial of service condition. This primarily affects systems using the Intel ice network driver with AF_XDP functionality in copy mode (Kernel Patch).

The issue has been fixed by introducing a bitmap of queues that are zero-copy enabled, where each bit corresponds to a queue id that xsk pool is being configured on. The fix involves setting/clearing bits within icexskpool{en,dis}able and checking within icexsk_pool(). Users should upgrade to Linux kernel version 5.12.10 or later to receive the fix (Kernel Patch).