{"vulnerability": "cve-2021-47349", "sightings": [{"uuid": "f5f43e4c-e944-4d5b-b0e1-00adeeff9f68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-47349", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14722", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-47349\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nmwifiex: bring down link before deleting interface\n\nWe can deadlock when rmmod'ing the driver or going through firmware\nreset, because the cfg80211_unregister_wdev() has to bring down the link\nfor us, ... which then grab the same wiphy lock.\n\nnl80211_del_interface() already handles a very similar case, with a nice\ndescription:\n\n        /*\n         * We hold RTNL, so this is safe, without RTNL opencount cannot\n         * reach 0, and thus the rdev cannot be deleted.\n         *\n         * We need to do it for the dev_close(), since that will call\n         * the netdev notifiers, and we need to acquire the mutex there\n         * but don't know if we get there from here or from some other\n         * place (e.g. \"ip link set ... down\").\n         */\n        mutex_unlock(&rdev->wiphy.mtx);\n...\n\nDo similarly for mwifiex teardown, by ensuring we bring the link down\nfirst.\n\nSample deadlock trace:\n\n[  247.103516] INFO: task rmmod:2119 blocked for more than 123 seconds.\n[  247.110630]       Not tainted 5.12.4 #5\n[  247.115796] \"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n[  247.124557] task:rmmod           state:D stack:    0 pid: 2119 ppid:  2114 flags:0x00400208\n[  247.133905] Call trace:\n[  247.136644]  __switch_to+0x130/0x170\n[  247.140643]  __schedule+0x714/0xa0c\n[  247.144548]  schedule_preempt_disabled+0x88/0xf4\n[  247.149714]  __mutex_lock_common+0x43c/0x750\n[  247.154496]  mutex_lock_nested+0x5c/0x68\n[  247.158884]  cfg80211_netdev_notifier_call+0x280/0x4e0 [cfg80211]\n[  247.165769]  raw_notifier_call_chain+0x4c/0x78\n[  247.170742]  call_netdevice_notifiers_info+0x68/0xa4\n[  247.176305]  __dev_close_many+0x7c/0x138\n[  247.180693]  dev_close_many+0x7c/0x10c\n[  247.184893]  unregister_netdevice_many+0xfc/0x654\n[  247.190158]  unregister_netdevice_queue+0xb4/0xe0\n[  247.195424]  _cfg80211_unregister_wdev+0xa4/0x204 [cfg80211]\n[  247.201816]  cfg80211_unregister_wdev+0x20/0x2c [cfg80211]\n[  247.208016]  mwifiex_del_virtual_intf+0xc8/0x188 [mwifiex]\n[  247.214174]  mwifiex_uninit_sw+0x158/0x1b0 [mwifiex]\n[  247.219747]  mwifiex_remove_card+0x38/0xa0 [mwifiex]\n[  247.225316]  mwifiex_pcie_remove+0xd0/0xe0 [mwifiex_pcie]\n[  247.231451]  pci_device_remove+0x50/0xe0\n[  247.235849]  device_release_driver_internal+0x110/0x1b0\n[  247.241701]  driver_detach+0x5c/0x9c\n[  247.245704]  bus_remove_driver+0x84/0xb8\n[  247.250095]  driver_unregister+0x3c/0x60\n[  247.254486]  pci_unregister_driver+0x2c/0x90\n[  247.259267]  cleanup_module+0x18/0xcdc [mwifiex_pcie]\n\ud83d\udccf Published: 2024-05-21T14:35:54.314Z\n\ud83d\udccf Modified: 2025-05-04T07:09:08.342Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/a3041d39d3c14da97fa3476835aba043ba810cf0\n2. https://git.kernel.org/stable/c/35af69c7c0490fdccfc159c6a87e4d1dc070838a\n3. https://git.kernel.org/stable/c/1f9482aa8d412b4ba06ce6ab8e333fb8ca29a06e", "creation_timestamp": "2025-05-04T07:17:59.000000Z"}]}