Vulnerability-Lookup

CERTFR-2024-AVI-0329

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
SUSE	SUSE Linux Enterprise High Performance Computing	SUSE Linux Enterprise High Performance Computing 15 SP5
SUSE	openSUSE Leap	openSUSE Leap 15.5
SUSE	SUSE Linux Enterprise Live Patching	SUSE Linux Enterprise Live Patching 15-SP5
SUSE	openSUSE Leap	openSUSE Leap 15.3
SUSE	SUSE Linux Enterprise High Performance Computing	SUSE Linux Enterprise High Performance Computing 12 SP5
SUSE	SUSE Linux Enterprise High Performance Computing	SUSE Linux Enterprise High Performance Computing 15 SP4
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE	SUSE Linux Enterprise Live Patching	SUSE Linux Enterprise Live Patching 15-SP2
SUSE	SUSE Manager Retail Branch Server	SUSE Manager Retail Branch Server 4.3
SUSE	Public Cloud Module	Public Cloud Module 15-SP5
SUSE	SUSE Linux Enterprise Live Patching	SUSE Linux Enterprise Live Patching 12-SP5
SUSE	openSUSE Leap	openSUSE Leap 15.4
SUSE	N/A	SUSE Linux Enterprise High Availability Extension 15 SP4
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE	SUSE Linux Enterprise High Performance Computing	SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server 12 SP5
SUSE	SUSE Linux Enterprise Micro	SUSE Linux Enterprise Micro 5.2
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server 15 SP5
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE	SUSE Linux Enterprise Micro	SUSE Linux Enterprise Micro 5.1
SUSE	SUSE Linux Enterprise Micro	SUSE Linux Enterprise Micro for Rancher 5.4
SUSE	SUSE Real Time Module	SUSE Real Time Module 15-SP5
SUSE	SUSE Linux Enterprise High Performance Computing	SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server for SAP Applications 15 SP5
SUSE	SUSE Linux Enterprise Micro	SUSE Linux Enterprise Micro 5.3
SUSE	SUSE Linux Enterprise Real Time	SUSE Linux Enterprise Real Time 15 SP5
SUSE	openSUSE Leap	openSUSE Leap Micro 5.3
SUSE	SUSE Linux Enterprise Micro	SUSE Linux Enterprise Micro for Rancher 5.3
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4
SUSE	SUSE Linux Enterprise Real Time	SUSE Linux Enterprise Real Time 15 SP4
SUSE	SUSE Manager Proxy	SUSE Manager Proxy 4.3
SUSE	SUSE Linux Enterprise Live Patching	SUSE Linux Enterprise Live Patching 15-SP3
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server for SAP Applications 15 SP4
SUSE	SUSE Linux Enterprise Desktop	SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4
SUSE	SUSE Linux Enterprise High Performance Computing	SUSE Linux Enterprise High Performance Computing 15 SP3
SUSE	SUSE Linux Enterprise Micro	SUSE Linux Enterprise Micro 5.5
SUSE	openSUSE Leap	openSUSE Leap Micro 5.4
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server 15 SP4
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server 15 SP2
SUSE	SUSE Manager Server	SUSE Manager Server 4.3
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server 15 SP3
SUSE	SUSE Linux Enterprise Micro	SUSE Linux Enterprise Micro 5.4
SUSE	SUSE Linux Enterprise Live Patching	SUSE Linux Enterprise Live Patching 15-SP4
SUSE	SUSE Linux Enterprise High Performance Computing	SUSE Linux Enterprise High Performance Computing 15 SP2

References

Title

Publication Time

Tags

Bulletin de sécurité SUSE suse-su-20241280-1 du 12 avril 2024	None	vendor-advisory
Bulletin de sécurité SUSE suse-su-20241257-1 du 12 avril 2024	None	vendor-advisory
Bulletin de sécurité SUSE suse-su-20241321-1 du 16 avril 2024	None	vendor-advisory
Bulletin de sécurité SUSE suse-su-20241299-1 du 15 avril 2024	None	vendor-advisory
Bulletin de sécurité SUSE suse-su-20241332-2 du 18 avril 2024	None	vendor-advisory
Bulletin de sécurité SUSE suse-su-20241278-1 du 12 avril 2024	None	vendor-advisory
Bulletin de sécurité SUSE suse-su-20241298-1 du 15 avril 2024	None	vendor-advisory
Bulletin de sécurité SUSE suse-su-20241274-1 du 12 avril 2024	None	vendor-advisory
Bulletin de sécurité SUSE suse-su-20241275-1 du 12 avril 2024	None	vendor-advisory
Bulletin de sécurité SUSE suse-su-20241322-2 du 18 avril 2024	None	vendor-advisory
Bulletin de sécurité SUSE suse-su-20241322-1 du 16 avril 2024	None	vendor-advisory
Bulletin de sécurité SUSE suse-su-20241320-1 du 16 avril 2024	None	vendor-advisory
Bulletin de sécurité SUSE suse-su-20241288-1 du 15 avril 2024	None	vendor-advisory
Bulletin de sécurité SUSE suse-su-20241276-1 du 12 avril 2024	None	vendor-advisory
Bulletin de sécurité SUSE suse-su-20241273-1 du 12 avril 2024	None	vendor-advisory
Bulletin de sécurité SUSE suse-su-20241292-1 du 15 avril 2024	None	vendor-advisory
Bulletin de sécurité SUSE suse-su-20241332-1 du 18 avril 2024	None	vendor-advisory
Bulletin de sécurité SUSE suse-su-20241312-1 du 16 avril 2024	None	vendor-advisory
Bulletin de sécurité SUSE suse-su-20241318-1 du 16 avril 2024	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SUSE Linux Enterprise High Performance Computing 15 SP5",
      "product": {
        "name": "SUSE Linux Enterprise High Performance Computing",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "openSUSE Leap 15.5",
      "product": {
        "name": "openSUSE Leap",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Live Patching 15-SP5",
      "product": {
        "name": "SUSE Linux Enterprise Live Patching",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "openSUSE Leap 15.3",
      "product": {
        "name": "openSUSE Leap",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise High Performance Computing 12 SP5",
      "product": {
        "name": "SUSE Linux Enterprise High Performance Computing",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise High Performance Computing 15 SP4",
      "product": {
        "name": "SUSE Linux Enterprise High Performance Computing",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
      "product": {
        "name": "SUSE Linux Enterprise Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Live Patching 15-SP2",
      "product": {
        "name": "SUSE Linux Enterprise Live Patching",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Manager Retail Branch Server 4.3",
      "product": {
        "name": "SUSE Manager Retail Branch Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "Public Cloud Module 15-SP5",
      "product": {
        "name": "Public Cloud Module",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Live Patching 12-SP5",
      "product": {
        "name": "SUSE Linux Enterprise Live Patching",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "openSUSE Leap 15.4",
      "product": {
        "name": "openSUSE Leap",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise High Availability Extension 15 SP4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
      "product": {
        "name": "SUSE Linux Enterprise Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise High Performance Computing LTSS 15 SP4",
      "product": {
        "name": "SUSE Linux Enterprise High Performance Computing",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Server 12 SP5",
      "product": {
        "name": "SUSE Linux Enterprise Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Micro 5.2",
      "product": {
        "name": "SUSE Linux Enterprise Micro",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Server 15 SP5",
      "product": {
        "name": "SUSE Linux Enterprise Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
      "product": {
        "name": "SUSE Linux Enterprise Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Micro 5.1",
      "product": {
        "name": "SUSE Linux Enterprise Micro",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Micro for Rancher 5.4",
      "product": {
        "name": "SUSE Linux Enterprise Micro",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Real Time Module 15-SP5",
      "product": {
        "name": "SUSE Real Time Module",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4",
      "product": {
        "name": "SUSE Linux Enterprise High Performance Computing",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
      "product": {
        "name": "SUSE Linux Enterprise Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Micro 5.3",
      "product": {
        "name": "SUSE Linux Enterprise Micro",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Real Time 15 SP5",
      "product": {
        "name": "SUSE Linux Enterprise Real Time",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "openSUSE Leap Micro 5.3",
      "product": {
        "name": "openSUSE Leap",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Micro for Rancher 5.3",
      "product": {
        "name": "SUSE Linux Enterprise Micro",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4",
      "product": {
        "name": "SUSE Linux Enterprise Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Real Time 15 SP4",
      "product": {
        "name": "SUSE Linux Enterprise Real Time",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Manager Proxy 4.3",
      "product": {
        "name": "SUSE Manager Proxy",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Live Patching 15-SP3",
      "product": {
        "name": "SUSE Linux Enterprise Live Patching",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
      "product": {
        "name": "SUSE Linux Enterprise Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4",
      "product": {
        "name": "SUSE Linux Enterprise Desktop",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise High Performance Computing 15 SP3",
      "product": {
        "name": "SUSE Linux Enterprise High Performance Computing",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Micro 5.5",
      "product": {
        "name": "SUSE Linux Enterprise Micro",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "openSUSE Leap Micro 5.4",
      "product": {
        "name": "openSUSE Leap",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Server 15 SP4",
      "product": {
        "name": "SUSE Linux Enterprise Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Server 15 SP2",
      "product": {
        "name": "SUSE Linux Enterprise Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Manager Server 4.3",
      "product": {
        "name": "SUSE Manager Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Server 15 SP3",
      "product": {
        "name": "SUSE Linux Enterprise Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Micro 5.4",
      "product": {
        "name": "SUSE Linux Enterprise Micro",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Live Patching 15-SP4",
      "product": {
        "name": "SUSE Linux Enterprise Live Patching",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise High Performance Computing 15 SP2",
      "product": {
        "name": "SUSE Linux Enterprise High Performance Computing",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-35827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35827"
    },
    {
      "name": "CVE-2023-52567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52567"
    },
    {
      "name": "CVE-2024-1085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1085"
    },
    {
      "name": "CVE-2023-52477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52477"
    },
    {
      "name": "CVE-2021-47102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47102"
    },
    {
      "name": "CVE-2024-26654",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26654"
    },
    {
      "name": "CVE-2024-26614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26614"
    },
    {
      "name": "CVE-2022-48626",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48626"
    },
    {
      "name": "CVE-2023-52532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52532"
    },
    {
      "name": "CVE-2023-52621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52621"
    },
    {
      "name": "CVE-2024-26629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26629"
    },
    {
      "name": "CVE-2024-25739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25739"
    },
    {
      "name": "CVE-2021-47100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47100"
    },
    {
      "name": "CVE-2023-52637",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52637"
    },
    {
      "name": "CVE-2023-52508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52508"
    },
    {
      "name": "CVE-2023-52559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52559"
    },
    {
      "name": "CVE-2023-6536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6536"
    },
    {
      "name": "CVE-2023-6531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6531"
    },
    {
      "name": "CVE-2023-52453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52453"
    },
    {
      "name": "CVE-2024-26600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26600"
    },
    {
      "name": "CVE-2023-28746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28746"
    },
    {
      "name": "CVE-2023-52563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52563"
    },
    {
      "name": "CVE-2023-52492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52492"
    },
    {
      "name": "CVE-2023-52515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52515"
    },
    {
      "name": "CVE-2021-46926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46926"
    },
    {
      "name": "CVE-2023-52454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52454"
    },
    {
      "name": "CVE-2024-26627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26627"
    },
    {
      "name": "CVE-2021-47094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47094"
    },
    {
      "name": "CVE-2021-46929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46929"
    },
    {
      "name": "CVE-2023-52632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52632"
    },
    {
      "name": "CVE-2023-52600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52600"
    },
    {
      "name": "CVE-2023-52507",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52507"
    },
    {
      "name": "CVE-2023-52587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52587"
    },
    {
      "name": "CVE-2024-26645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26645"
    },
    {
      "name": "CVE-2023-52582",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52582"
    },
    {
      "name": "CVE-2023-7042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-7042"
    },
    {
      "name": "CVE-2023-52340",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52340"
    },
    {
      "name": "CVE-2023-52605",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52605"
    },
    {
      "name": "CVE-2023-52604",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52604"
    },
    {
      "name": "CVE-2023-52518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52518"
    },
    {
      "name": "CVE-2023-52601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52601"
    },
    {
      "name": "CVE-2023-42753",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42753"
    },
    {
      "name": "CVE-2024-23307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23307"
    },
    {
      "name": "CVE-2021-47099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47099"
    },
    {
      "name": "CVE-2021-47104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47104"
    },
    {
      "name": "CVE-2021-46933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46933"
    },
    {
      "name": "CVE-2023-52603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52603"
    },
    {
      "name": "CVE-2023-52528",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52528"
    },
    {
      "name": "CVE-2024-26695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26695"
    },
    {
      "name": "CVE-2023-52482",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52482"
    },
    {
      "name": "CVE-2022-20154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20154"
    },
    {
      "name": "CVE-2023-52486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52486"
    },
    {
      "name": "CVE-2021-46931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46931"
    },
    {
      "name": "CVE-2024-26670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26670"
    },
    {
      "name": "CVE-2023-52619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52619"
    },
    {
      "name": "CVE-2023-52617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52617"
    },
    {
      "name": "CVE-2021-47096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47096"
    },
    {
      "name": "CVE-2023-6270",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6270"
    },
    {
      "name": "CVE-2022-48627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48627"
    },
    {
      "name": "CVE-2023-52462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52462"
    },
    {
      "name": "CVE-2023-52524",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52524"
    },
    {
      "name": "CVE-2023-6356",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6356"
    },
    {
      "name": "CVE-2023-52469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52469"
    },
    {
      "name": "CVE-2023-52493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52493"
    },
    {
      "name": "CVE-2021-47108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47108"
    },
    {
      "name": "CVE-2023-52484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52484"
    },
    {
      "name": "CVE-2023-52569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52569"
    },
    {
      "name": "CVE-2023-52481",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52481"
    },
    {
      "name": "CVE-2023-0160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0160"
    },
    {
      "name": "CVE-2024-26599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26599"
    },
    {
      "name": "CVE-2023-52608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52608"
    },
    {
      "name": "CVE-2021-47082",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47082"
    },
    {
      "name": "CVE-2024-26642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26642"
    },
    {
      "name": "CVE-2022-4744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4744"
    },
    {
      "name": "CVE-2023-52639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52639"
    },
    {
      "name": "CVE-2021-47091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47091"
    },
    {
      "name": "CVE-2021-47095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47095"
    },
    {
      "name": "CVE-2023-52599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52599"
    },
    {
      "name": "CVE-2024-26607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26607"
    },
    {
      "name": "CVE-2023-52574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52574"
    },
    {
      "name": "CVE-2023-52509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52509"
    },
    {
      "name": "CVE-2023-52470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52470"
    },
    {
      "name": "CVE-2023-52583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52583"
    },
    {
      "name": "CVE-2023-52602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52602"
    },
    {
      "name": "CVE-2023-52519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52519"
    },
    {
      "name": "CVE-2023-6535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6535"
    },
    {
      "name": "CVE-2024-0841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0841"
    },
    {
      "name": "CVE-2021-47098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47098"
    },
    {
      "name": "CVE-2024-26651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26651"
    },
    {
      "name": "CVE-2021-47083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47083"
    },
    {
      "name": "CVE-2022-48630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48630"
    },
    {
      "name": "CVE-2023-52510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52510"
    },
    {
      "name": "CVE-2023-52497",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52497"
    },
    {
      "name": "CVE-2024-26646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26646"
    },
    {
      "name": "CVE-2023-52612",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52612"
    },
    {
      "name": "CVE-2023-52500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52500"
    },
    {
      "name": "CVE-2024-25742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25742"
    },
    {
      "name": "CVE-2024-26602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26602"
    },
    {
      "name": "CVE-2021-47093",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47093"
    },
    {
      "name": "CVE-2024-22099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22099"
    },
    {
      "name": "CVE-2023-1829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1829"
    },
    {
      "name": "CVE-2021-47097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47097"
    },
    {
      "name": "CVE-2023-52575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52575"
    },
    {
      "name": "CVE-2021-46934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46934"
    },
    {
      "name": "CVE-2023-52517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52517"
    },
    {
      "name": "CVE-2023-52598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52598"
    },
    {
      "name": "CVE-2023-52525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52525"
    },
    {
      "name": "CVE-2021-46927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46927"
    },
    {
      "name": "CVE-2024-26659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26659"
    },
    {
      "name": "CVE-2023-52450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52450"
    },
    {
      "name": "CVE-2022-48629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48629"
    },
    {
      "name": "CVE-2023-52594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52594"
    },
    {
      "name": "CVE-2021-47087",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47087"
    },
    {
      "name": "CVE-2023-52595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52595"
    },
    {
      "name": "CVE-2024-26620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26620"
    },
    {
      "name": "CVE-2021-46925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46925"
    },
    {
      "name": "CVE-2021-46936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46936"
    },
    {
      "name": "CVE-2023-52623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52623"
    },
    {
      "name": "CVE-2023-52501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52501"
    },
    {
      "name": "CVE-2023-52447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52447"
    },
    {
      "name": "CVE-2023-52504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52504"
    },
    {
      "name": "CVE-2023-52513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52513"
    },
    {
      "name": "CVE-2023-52615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52615"
    },
    {
      "name": "CVE-2021-47105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47105"
    },
    {
      "name": "CVE-2023-52511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52511"
    },
    {
      "name": "CVE-2023-4881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4881"
    },
    {
      "name": "CVE-2023-52606",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52606"
    },
    {
      "name": "CVE-2023-52502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52502"
    },
    {
      "name": "CVE-2024-26667",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26667"
    },
    {
      "name": "CVE-2023-7192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-7192"
    },
    {
      "name": "CVE-2023-52597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52597"
    },
    {
      "name": "CVE-2023-52531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52531"
    },
    {
      "name": "CVE-2024-26717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26717"
    },
    {
      "name": "CVE-2023-52566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52566"
    },
    {
      "name": "CVE-2024-0565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0565"
    },
    {
      "name": "CVE-2024-2201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2201"
    },
    {
      "name": "CVE-2021-47101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47101"
    },
    {
      "name": "CVE-2023-52476",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52476"
    },
    {
      "name": "CVE-2023-52463",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52463"
    },
    {
      "name": "CVE-2023-52467",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52467"
    },
    {
      "name": "CVE-2023-52628",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52628"
    },
    {
      "name": "CVE-2023-52529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52529"
    },
    {
      "name": "CVE-2023-52591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52591"
    },
    {
      "name": "CVE-2023-52530",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52530"
    },
    {
      "name": "CVE-2023-52520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52520"
    },
    {
      "name": "CVE-2021-47107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47107"
    },
    {
      "name": "CVE-2023-52523",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52523"
    },
    {
      "name": "CVE-2024-26664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26664"
    },
    {
      "name": "CVE-2023-52494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52494"
    },
    {
      "name": "CVE-2023-52576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52576"
    },
    {
      "name": "CVE-2024-26612",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26612"
    },
    {
      "name": "CVE-2023-52474",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52474"
    },
    {
      "name": "CVE-2021-46930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46930"
    },
    {
      "name": "CVE-2023-52607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52607"
    },
    {
      "name": "CVE-2022-48628",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48628"
    },
    {
      "name": "CVE-2023-52564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52564"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0329",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-04-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux de SUSE\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service \u00e0 distance et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20241280-1 du 12 avril 2024",
      "url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241280-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20241257-1 du 12 avril 2024",
      "url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241257-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20241321-1 du 16 avril 2024",
      "url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241321-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20241299-1 du 15 avril 2024",
      "url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241299-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20241332-2 du 18 avril 2024",
      "url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241332-2"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20241278-1 du 12 avril 2024",
      "url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241278-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20241298-1 du 15 avril 2024",
      "url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241298-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20241274-1 du 12 avril 2024",
      "url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241274-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20241275-1 du 12 avril 2024",
      "url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241275-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20241322-2 du 18 avril 2024",
      "url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241322-2"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20241322-1 du 16 avril 2024",
      "url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241322-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20241320-1 du 16 avril 2024",
      "url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241320-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20241288-1 du 15 avril 2024",
      "url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241288-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20241276-1 du 12 avril 2024",
      "url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241276-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20241273-1 du 12 avril 2024",
      "url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241273-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20241292-1 du 15 avril 2024",
      "url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241292-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20241332-1 du 18 avril 2024",
      "url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241332-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20241312-1 du 16 avril 2024",
      "url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241312-1"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20241318-1 du 16 avril 2024",
      "url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241318-1"
    }
  ]
}

CVE-2021-46925 (GCVE-0-2021-46925)

Vulnerability from cvelistv5 – Published: 2024-02-27 09:43 – Updated: 2026-05-11 13:44

Title

net/smc: fix kernel panic caused by race of smc_sock

Summary

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix kernel panic caused by race of smc_sock A crash occurs when smc_cdc_tx_handler() tries to access smc_sock but smc_release() has already freed it. [ 4570.695099] BUG: unable to handle page fault for address: 000000002eae9e88 [ 4570.696048] #PF: supervisor write access in kernel mode [ 4570.696728] #PF: error_code(0x0002) - not-present page [ 4570.697401] PGD 0 P4D 0 [ 4570.697716] Oops: 0002 [#1] PREEMPT SMP NOPTI [ 4570.698228] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.16.0-rc4+ #111 [ 4570.699013] Hardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS 8c24b4c 04/0 [ 4570.699933] RIP: 0010:_raw_spin_lock+0x1a/0x30 <...> [ 4570.711446] Call Trace: [ 4570.711746] <IRQ> [ 4570.711992] smc_cdc_tx_handler+0x41/0xc0 [ 4570.712470] smc_wr_tx_tasklet_fn+0x213/0x560 [ 4570.712981] ? smc_cdc_tx_dismisser+0x10/0x10 [ 4570.713489] tasklet_action_common.isra.17+0x66/0x140 [ 4570.714083] __do_softirq+0x123/0x2f4 [ 4570.714521] irq_exit_rcu+0xc4/0xf0 [ 4570.714934] common_interrupt+0xba/0xe0 Though smc_cdc_tx_handler() checked the existence of smc connection, smc_release() may have already dismissed and released the smc socket before smc_cdc_tx_handler() further visits it. smc_cdc_tx_handler() |smc_release() if (!conn) | | |smc_cdc_tx_dismiss_slots() | smc_cdc_tx_dismisser() | |sock_put(&smc->sk) <- last sock_put, | smc_sock freed bh_lock_sock(&smc->sk) (panic) | To make sure we won't receive any CDC messages after we free the smc_sock, add a refcount on the smc_connection for inflight CDC message(posted to the QP but haven't received related CQE), and don't release the smc_connection until all the inflight CDC messages haven been done, for both success or failed ones. Using refcount on CDC messages brings another problem: when the link is going to be destroyed, smcr_link_clear() will reset the QP, which then remove all the pending CQEs related to the QP in the CQ. To make sure all the CQEs will always come back so the refcount on the smc_connection can always reach 0, smc_ib_modify_qp_reset() was replaced by smc_ib_modify_qp_error(). And remove the timeout in smc_wr_tx_wait_no_pending_sends() since we need to wait for all pending WQEs done, or we may encounter use-after- free when handling CQEs. For IB device removal routine, we need to wait for all the QPs on that device been destroyed before we can destroy CQs on the device, or the refcount on smc_connection won't reach 0 and smc_sock cannot be released.

Severity

4.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Assigner

Linux

References

3 references

URL	Tags
https://git.kernel.org/stable/c/e8a5988a85c719ce7…
https://git.kernel.org/stable/c/b85f751d71ae8e2a1…
https://git.kernel.org/stable/c/349d43127dac00c15…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 5f08318f617b05b6ee389d8bd174c7af921ebf19 , < e8a5988a85c719ce7205cb00dcf0716dcf611332 (git) Affected: 5f08318f617b05b6ee389d8bd174c7af921ebf19 , < b85f751d71ae8e2a15e9bda98852ea9af35282eb (git) Affected: 5f08318f617b05b6ee389d8bd174c7af921ebf19 , < 349d43127dac00c15231e8ffbcaabd70f7b0e544 (git)
Linux	Linux	Affected: 4.11 Unaffected: 0 , < 4.11 (semver) Unaffected: 5.10.90 , ≤ 5.10.* (semver) Unaffected: 5.15.13 , ≤ 5.15.* (semver) Unaffected: 5.16 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 4.7,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-46925",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-27T14:30:40.812518Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-362",
                "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-29T13:48:24.020Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:17:42.919Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e8a5988a85c719ce7205cb00dcf0716dcf611332"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b85f751d71ae8e2a15e9bda98852ea9af35282eb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/349d43127dac00c15231e8ffbcaabd70f7b0e544"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/smc/smc.h",
            "net/smc/smc_cdc.c",
            "net/smc/smc_cdc.h",
            "net/smc/smc_core.c",
            "net/smc/smc_ib.c",
            "net/smc/smc_ib.h",
            "net/smc/smc_wr.c",
            "net/smc/smc_wr.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e8a5988a85c719ce7205cb00dcf0716dcf611332",
              "status": "affected",
              "version": "5f08318f617b05b6ee389d8bd174c7af921ebf19",
              "versionType": "git"
            },
            {
              "lessThan": "b85f751d71ae8e2a15e9bda98852ea9af35282eb",
              "status": "affected",
              "version": "5f08318f617b05b6ee389d8bd174c7af921ebf19",
              "versionType": "git"
            },
            {
              "lessThan": "349d43127dac00c15231e8ffbcaabd70f7b0e544",
              "status": "affected",
              "version": "5f08318f617b05b6ee389d8bd174c7af921ebf19",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/smc/smc.h",
            "net/smc/smc_cdc.c",
            "net/smc/smc_cdc.h",
            "net/smc/smc_core.c",
            "net/smc/smc_ib.c",
            "net/smc/smc_ib.h",
            "net/smc/smc_wr.c",
            "net/smc/smc_wr.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.11"
            },
            {
              "lessThan": "4.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.90",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.90",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.13",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.16",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix kernel panic caused by race of smc_sock\n\nA crash occurs when smc_cdc_tx_handler() tries to access smc_sock\nbut smc_release() has already freed it.\n\n[ 4570.695099] BUG: unable to handle page fault for address: 000000002eae9e88\n[ 4570.696048] #PF: supervisor write access in kernel mode\n[ 4570.696728] #PF: error_code(0x0002) - not-present page\n[ 4570.697401] PGD 0 P4D 0\n[ 4570.697716] Oops: 0002 [#1] PREEMPT SMP NOPTI\n[ 4570.698228] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.16.0-rc4+ #111\n[ 4570.699013] Hardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS 8c24b4c 04/0\n[ 4570.699933] RIP: 0010:_raw_spin_lock+0x1a/0x30\n\u003c...\u003e\n[ 4570.711446] Call Trace:\n[ 4570.711746]  \u003cIRQ\u003e\n[ 4570.711992]  smc_cdc_tx_handler+0x41/0xc0\n[ 4570.712470]  smc_wr_tx_tasklet_fn+0x213/0x560\n[ 4570.712981]  ? smc_cdc_tx_dismisser+0x10/0x10\n[ 4570.713489]  tasklet_action_common.isra.17+0x66/0x140\n[ 4570.714083]  __do_softirq+0x123/0x2f4\n[ 4570.714521]  irq_exit_rcu+0xc4/0xf0\n[ 4570.714934]  common_interrupt+0xba/0xe0\n\nThough smc_cdc_tx_handler() checked the existence of smc connection,\nsmc_release() may have already dismissed and released the smc socket\nbefore smc_cdc_tx_handler() further visits it.\n\nsmc_cdc_tx_handler()           |smc_release()\nif (!conn)                     |\n                               |\n                               |smc_cdc_tx_dismiss_slots()\n                               |      smc_cdc_tx_dismisser()\n                               |\n                               |sock_put(\u0026smc-\u003esk) \u003c- last sock_put,\n                               |                      smc_sock freed\nbh_lock_sock(\u0026smc-\u003esk) (panic) |\n\nTo make sure we won\u0027t receive any CDC messages after we free the\nsmc_sock, add a refcount on the smc_connection for inflight CDC\nmessage(posted to the QP but haven\u0027t received related CQE), and\ndon\u0027t release the smc_connection until all the inflight CDC messages\nhaven been done, for both success or failed ones.\n\nUsing refcount on CDC messages brings another problem: when the link\nis going to be destroyed, smcr_link_clear() will reset the QP, which\nthen remove all the pending CQEs related to the QP in the CQ. To make\nsure all the CQEs will always come back so the refcount on the\nsmc_connection can always reach 0, smc_ib_modify_qp_reset() was replaced\nby smc_ib_modify_qp_error().\nAnd remove the timeout in smc_wr_tx_wait_no_pending_sends() since we\nneed to wait for all pending WQEs done, or we may encounter use-after-\nfree when handling CQEs.\n\nFor IB device removal routine, we need to wait for all the QPs on that\ndevice been destroyed before we can destroy CQs on the device, or\nthe refcount on smc_connection won\u0027t reach 0 and smc_sock cannot be\nreleased."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T13:44:33.224Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e8a5988a85c719ce7205cb00dcf0716dcf611332"
        },
        {
          "url": "https://git.kernel.org/stable/c/b85f751d71ae8e2a15e9bda98852ea9af35282eb"
        },
        {
          "url": "https://git.kernel.org/stable/c/349d43127dac00c15231e8ffbcaabd70f7b0e544"
        }
      ],
      "title": "net/smc: fix kernel panic caused by race of smc_sock",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-46925",
    "datePublished": "2024-02-27T09:43:55.445Z",
    "dateReserved": "2024-02-25T13:45:52.719Z",
    "dateUpdated": "2026-05-11T13:44:33.224Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-46926 (GCVE-0-2021-46926)

Vulnerability from cvelistv5 – Published: 2024-02-27 09:43 – Updated: 2026-05-11 13:44

Title

ALSA: hda: intel-sdw-acpi: harden detection of controller

Summary

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: intel-sdw-acpi: harden detection of controller The existing code currently sets a pointer to an ACPI handle before checking that it's actually a SoundWire controller. This can lead to issues where the graph walk continues and eventually fails, but the pointer was set already. This patch changes the logic so that the information provided to the caller is set when a controller is found.

Severity

No CVSS data available.

Assigner

Linux

References

2 references

URL	Tags
https://git.kernel.org/stable/c/cce476954401e3421…
https://git.kernel.org/stable/c/385f287f9853da402…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 6f11586f4896ee448262747788a0a3faf0fe9066 , < cce476954401e3421afafb25bbaa926050688b1d (git) Affected: 6f11586f4896ee448262747788a0a3faf0fe9066 , < 385f287f9853da402d94278e59f594501c1d1dad (git)
Linux	Linux	Affected: 5.3 Unaffected: 0 , < 5.3 (semver) Unaffected: 5.15.13 , ≤ 5.15.* (semver) Unaffected: 5.16 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:17:42.895Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cce476954401e3421afafb25bbaa926050688b1d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/385f287f9853da402d94278e59f594501c1d1dad"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-46926",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:02:04.027406Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:24.369Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "sound/hda/intel-sdw-acpi.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "cce476954401e3421afafb25bbaa926050688b1d",
              "status": "affected",
              "version": "6f11586f4896ee448262747788a0a3faf0fe9066",
              "versionType": "git"
            },
            {
              "lessThan": "385f287f9853da402d94278e59f594501c1d1dad",
              "status": "affected",
              "version": "6f11586f4896ee448262747788a0a3faf0fe9066",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "sound/hda/intel-sdw-acpi.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.3"
            },
            {
              "lessThan": "5.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.13",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.16",
                  "versionStartIncluding": "5.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: hda: intel-sdw-acpi: harden detection of controller\n\nThe existing code currently sets a pointer to an ACPI handle before\nchecking that it\u0027s actually a SoundWire controller. This can lead to\nissues where the graph walk continues and eventually fails, but the\npointer was set already.\n\nThis patch changes the logic so that the information provided to\nthe caller is set when a controller is found."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T13:44:34.363Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/cce476954401e3421afafb25bbaa926050688b1d"
        },
        {
          "url": "https://git.kernel.org/stable/c/385f287f9853da402d94278e59f594501c1d1dad"
        }
      ],
      "title": "ALSA: hda: intel-sdw-acpi: harden detection of controller",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-46926",
    "datePublished": "2024-02-27T09:43:56.102Z",
    "dateReserved": "2024-02-25T13:45:52.719Z",
    "dateUpdated": "2026-05-11T13:44:34.363Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-46927 (GCVE-0-2021-46927)

Vulnerability from cvelistv5 – Published: 2024-02-27 09:43 – Updated: 2026-05-11 13:44

Title

nitro_enclaves: Use get_user_pages_unlocked() call to handle mmap assert

Summary

In the Linux kernel, the following vulnerability has been resolved: nitro_enclaves: Use get_user_pages_unlocked() call to handle mmap assert After commit 5b78ed24e8ec ("mm/pagemap: add mmap_assert_locked() annotations to find_vma*()"), the call to get_user_pages() will trigger the mmap assert. static inline void mmap_assert_locked(struct mm_struct *mm) { lockdep_assert_held(&mm->mmap_lock); VM_BUG_ON_MM(!rwsem_is_locked(&mm->mmap_lock), mm); } [ 62.521410] kernel BUG at include/linux/mmap_lock.h:156! ........................................................... [ 62.538938] RIP: 0010:find_vma+0x32/0x80 ........................................................... [ 62.605889] Call Trace: [ 62.608502] <TASK> [ 62.610956] ? lock_timer_base+0x61/0x80 [ 62.614106] find_extend_vma+0x19/0x80 [ 62.617195] __get_user_pages+0x9b/0x6a0 [ 62.620356] __gup_longterm_locked+0x42d/0x450 [ 62.623721] ? finish_wait+0x41/0x80 [ 62.626748] ? __kmalloc+0x178/0x2f0 [ 62.629768] ne_set_user_memory_region_ioctl.isra.0+0x225/0x6a0 [nitro_enclaves] [ 62.635776] ne_enclave_ioctl+0x1cf/0x6d7 [nitro_enclaves] [ 62.639541] __x64_sys_ioctl+0x82/0xb0 [ 62.642620] do_syscall_64+0x3b/0x90 [ 62.645642] entry_SYSCALL_64_after_hwframe+0x44/0xae Use get_user_pages_unlocked() when setting the enclave memory regions. That's a similar pattern as mmap_read_lock() used together with get_user_pages().

Severity

No CVSS data available.

Assigner

Linux

References

2 references

URL	Tags
https://git.kernel.org/stable/c/90d2beed5e753805c…
https://git.kernel.org/stable/c/3a0152b219523227c…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 5b78ed24e8ec48602c1d6f5a188e58d000c81e2b , < 90d2beed5e753805c5eab656b8d48257638fe543 (git) Affected: 5b78ed24e8ec48602c1d6f5a188e58d000c81e2b , < 3a0152b219523227c2a62a0a122cf99608287176 (git)
Linux	Linux	Affected: 5.15 Unaffected: 0 , < 5.15 (semver) Unaffected: 5.15.13 , ≤ 5.15.* (semver) Unaffected: 5.16 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-46927",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-27T15:46:16.994467Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:22:00.781Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:17:42.860Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/90d2beed5e753805c5eab656b8d48257638fe543"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3a0152b219523227c2a62a0a122cf99608287176"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/virt/nitro_enclaves/ne_misc_dev.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "90d2beed5e753805c5eab656b8d48257638fe543",
              "status": "affected",
              "version": "5b78ed24e8ec48602c1d6f5a188e58d000c81e2b",
              "versionType": "git"
            },
            {
              "lessThan": "3a0152b219523227c2a62a0a122cf99608287176",
              "status": "affected",
              "version": "5b78ed24e8ec48602c1d6f5a188e58d000c81e2b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/virt/nitro_enclaves/ne_misc_dev.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.15"
            },
            {
              "lessThan": "5.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.13",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.16",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnitro_enclaves: Use get_user_pages_unlocked() call to handle mmap assert\n\nAfter commit 5b78ed24e8ec (\"mm/pagemap: add mmap_assert_locked()\nannotations to find_vma*()\"), the call to get_user_pages() will trigger\nthe mmap assert.\n\nstatic inline void mmap_assert_locked(struct mm_struct *mm)\n{\n\tlockdep_assert_held(\u0026mm-\u003emmap_lock);\n\tVM_BUG_ON_MM(!rwsem_is_locked(\u0026mm-\u003emmap_lock), mm);\n}\n\n[   62.521410] kernel BUG at include/linux/mmap_lock.h:156!\n...........................................................\n[   62.538938] RIP: 0010:find_vma+0x32/0x80\n...........................................................\n[   62.605889] Call Trace:\n[   62.608502]  \u003cTASK\u003e\n[   62.610956]  ? lock_timer_base+0x61/0x80\n[   62.614106]  find_extend_vma+0x19/0x80\n[   62.617195]  __get_user_pages+0x9b/0x6a0\n[   62.620356]  __gup_longterm_locked+0x42d/0x450\n[   62.623721]  ? finish_wait+0x41/0x80\n[   62.626748]  ? __kmalloc+0x178/0x2f0\n[   62.629768]  ne_set_user_memory_region_ioctl.isra.0+0x225/0x6a0 [nitro_enclaves]\n[   62.635776]  ne_enclave_ioctl+0x1cf/0x6d7 [nitro_enclaves]\n[   62.639541]  __x64_sys_ioctl+0x82/0xb0\n[   62.642620]  do_syscall_64+0x3b/0x90\n[   62.645642]  entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nUse get_user_pages_unlocked() when setting the enclave memory regions.\nThat\u0027s a similar pattern as mmap_read_lock() used together with\nget_user_pages()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T13:44:35.485Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/90d2beed5e753805c5eab656b8d48257638fe543"
        },
        {
          "url": "https://git.kernel.org/stable/c/3a0152b219523227c2a62a0a122cf99608287176"
        }
      ],
      "title": "nitro_enclaves: Use get_user_pages_unlocked() call to handle mmap assert",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-46927",
    "datePublished": "2024-02-27T09:43:56.743Z",
    "dateReserved": "2024-02-25T13:45:52.720Z",
    "dateUpdated": "2026-05-11T13:44:35.485Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-46929 (GCVE-0-2021-46929)

Vulnerability from cvelistv5 – Published: 2024-02-27 09:43 – Updated: 2026-05-11 13:44

Title

sctp: use call_rcu to free endpoint

Summary

In the Linux kernel, the following vulnerability has been resolved: sctp: use call_rcu to free endpoint This patch is to delay the endpoint free by calling call_rcu() to fix another use-after-free issue in sctp_sock_dump(): BUG: KASAN: use-after-free in __lock_acquire+0x36d9/0x4c20 Call Trace: __lock_acquire+0x36d9/0x4c20 kernel/locking/lockdep.c:3218 lock_acquire+0x1ed/0x520 kernel/locking/lockdep.c:3844 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline] _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:168 spin_lock_bh include/linux/spinlock.h:334 [inline] __lock_sock+0x203/0x350 net/core/sock.c:2253 lock_sock_nested+0xfe/0x120 net/core/sock.c:2774 lock_sock include/net/sock.h:1492 [inline] sctp_sock_dump+0x122/0xb20 net/sctp/diag.c:324 sctp_for_each_transport+0x2b5/0x370 net/sctp/socket.c:5091 sctp_diag_dump+0x3ac/0x660 net/sctp/diag.c:527 __inet_diag_dump+0xa8/0x140 net/ipv4/inet_diag.c:1049 inet_diag_dump+0x9b/0x110 net/ipv4/inet_diag.c:1065 netlink_dump+0x606/0x1080 net/netlink/af_netlink.c:2244 __netlink_dump_start+0x59a/0x7c0 net/netlink/af_netlink.c:2352 netlink_dump_start include/linux/netlink.h:216 [inline] inet_diag_handler_cmd+0x2ce/0x3f0 net/ipv4/inet_diag.c:1170 __sock_diag_cmd net/core/sock_diag.c:232 [inline] sock_diag_rcv_msg+0x31d/0x410 net/core/sock_diag.c:263 netlink_rcv_skb+0x172/0x440 net/netlink/af_netlink.c:2477 sock_diag_rcv+0x2a/0x40 net/core/sock_diag.c:274 This issue occurs when asoc is peeled off and the old sk is freed after getting it by asoc->base.sk and before calling lock_sock(sk). To prevent the sk free, as a holder of the sk, ep should be alive when calling lock_sock(). This patch uses call_rcu() and moves sock_put and ep free into sctp_endpoint_destroy_rcu(), so that it's safe to try to hold the ep under rcu_read_lock in sctp_transport_traverse_process(). If sctp_endpoint_hold() returns true, it means this ep is still alive and we have held it and can continue to dump it; If it returns false, it means this ep is dead and can be freed after rcu_read_unlock, and we should skip it. In sctp_sock_dump(), after locking the sk, if this ep is different from tsp->asoc->ep, it means during this dumping, this asoc was peeled off before calling lock_sock(), and the sk should be skipped; If this ep is the same with tsp->asoc->ep, it means no peeloff happens on this asoc, and due to lock_sock, no peeloff will happen either until release_sock. Note that delaying endpoint free won't delay the port release, as the port release happens in sctp_endpoint_destroy() before calling call_rcu(). Also, freeing endpoint by call_rcu() makes it safe to access the sk by asoc->base.sk in sctp_assocs_seq_show() and sctp_rcv(). Thanks Jones to bring this issue up. v1->v2: - improve the changelog. - add kfree(ep) into sctp_endpoint_destroy_rcu(), as Jakub noticed.

Severity

No CVSS data available.

Assigner

Linux

References

6 references

URL	Tags
https://git.kernel.org/stable/c/8873140f95d4977bf…
https://git.kernel.org/stable/c/af6e6e58f7ebf86b4…
https://git.kernel.org/stable/c/831de271452b87657…
https://git.kernel.org/stable/c/769d14abd35e0e153…
https://git.kernel.org/stable/c/75799e71df1da1139…
https://git.kernel.org/stable/c/5ec7d18d1813a5bea…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: d25adbeb0cdb860fb39e09cdd025e9cfc954c5ab , < 8873140f95d4977bf37e4cf0d5c5e3f6e34cdd3e (git) Affected: d25adbeb0cdb860fb39e09cdd025e9cfc954c5ab , < af6e6e58f7ebf86b4e7201694b1e4f3a62cbc3ec (git) Affected: d25adbeb0cdb860fb39e09cdd025e9cfc954c5ab , < 831de271452b87657fcf8d715ee20519b79caef5 (git) Affected: d25adbeb0cdb860fb39e09cdd025e9cfc954c5ab , < 769d14abd35e0e153b5149c3e1e989a9d719e3ff (git) Affected: d25adbeb0cdb860fb39e09cdd025e9cfc954c5ab , < 75799e71df1da11394740b43ae5686646179561d (git) Affected: d25adbeb0cdb860fb39e09cdd025e9cfc954c5ab , < 5ec7d18d1813a5bead0b495045606c93873aecbb (git)
Linux	Linux	Affected: 4.14 Unaffected: 0 , < 4.14 (semver) Unaffected: 4.14.261 , ≤ 4.14.* (semver) Unaffected: 4.19.224 , ≤ 4.19.* (semver) Unaffected: 5.4.170 , ≤ 5.4.* (semver) Unaffected: 5.10.90 , ≤ 5.10.* (semver) Unaffected: 5.15.13 , ≤ 5.15.* (semver) Unaffected: 5.16 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:17:42.985Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8873140f95d4977bf37e4cf0d5c5e3f6e34cdd3e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/af6e6e58f7ebf86b4e7201694b1e4f3a62cbc3ec"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/831de271452b87657fcf8d715ee20519b79caef5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/769d14abd35e0e153b5149c3e1e989a9d719e3ff"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/75799e71df1da11394740b43ae5686646179561d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5ec7d18d1813a5bead0b495045606c93873aecbb"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-46929",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:02:00.945845Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:20.539Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "include/net/sctp/sctp.h",
            "include/net/sctp/structs.h",
            "net/sctp/diag.c",
            "net/sctp/endpointola.c",
            "net/sctp/socket.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "8873140f95d4977bf37e4cf0d5c5e3f6e34cdd3e",
              "status": "affected",
              "version": "d25adbeb0cdb860fb39e09cdd025e9cfc954c5ab",
              "versionType": "git"
            },
            {
              "lessThan": "af6e6e58f7ebf86b4e7201694b1e4f3a62cbc3ec",
              "status": "affected",
              "version": "d25adbeb0cdb860fb39e09cdd025e9cfc954c5ab",
              "versionType": "git"
            },
            {
              "lessThan": "831de271452b87657fcf8d715ee20519b79caef5",
              "status": "affected",
              "version": "d25adbeb0cdb860fb39e09cdd025e9cfc954c5ab",
              "versionType": "git"
            },
            {
              "lessThan": "769d14abd35e0e153b5149c3e1e989a9d719e3ff",
              "status": "affected",
              "version": "d25adbeb0cdb860fb39e09cdd025e9cfc954c5ab",
              "versionType": "git"
            },
            {
              "lessThan": "75799e71df1da11394740b43ae5686646179561d",
              "status": "affected",
              "version": "d25adbeb0cdb860fb39e09cdd025e9cfc954c5ab",
              "versionType": "git"
            },
            {
              "lessThan": "5ec7d18d1813a5bead0b495045606c93873aecbb",
              "status": "affected",
              "version": "d25adbeb0cdb860fb39e09cdd025e9cfc954c5ab",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "include/net/sctp/sctp.h",
            "include/net/sctp/structs.h",
            "net/sctp/diag.c",
            "net/sctp/endpointola.c",
            "net/sctp/socket.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.14"
            },
            {
              "lessThan": "4.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.261",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.224",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.170",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.90",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.261",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.224",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.170",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.90",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.13",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.16",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: use call_rcu to free endpoint\n\nThis patch is to delay the endpoint free by calling call_rcu() to fix\nanother use-after-free issue in sctp_sock_dump():\n\n  BUG: KASAN: use-after-free in __lock_acquire+0x36d9/0x4c20\n  Call Trace:\n    __lock_acquire+0x36d9/0x4c20 kernel/locking/lockdep.c:3218\n    lock_acquire+0x1ed/0x520 kernel/locking/lockdep.c:3844\n    __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]\n    _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:168\n    spin_lock_bh include/linux/spinlock.h:334 [inline]\n    __lock_sock+0x203/0x350 net/core/sock.c:2253\n    lock_sock_nested+0xfe/0x120 net/core/sock.c:2774\n    lock_sock include/net/sock.h:1492 [inline]\n    sctp_sock_dump+0x122/0xb20 net/sctp/diag.c:324\n    sctp_for_each_transport+0x2b5/0x370 net/sctp/socket.c:5091\n    sctp_diag_dump+0x3ac/0x660 net/sctp/diag.c:527\n    __inet_diag_dump+0xa8/0x140 net/ipv4/inet_diag.c:1049\n    inet_diag_dump+0x9b/0x110 net/ipv4/inet_diag.c:1065\n    netlink_dump+0x606/0x1080 net/netlink/af_netlink.c:2244\n    __netlink_dump_start+0x59a/0x7c0 net/netlink/af_netlink.c:2352\n    netlink_dump_start include/linux/netlink.h:216 [inline]\n    inet_diag_handler_cmd+0x2ce/0x3f0 net/ipv4/inet_diag.c:1170\n    __sock_diag_cmd net/core/sock_diag.c:232 [inline]\n    sock_diag_rcv_msg+0x31d/0x410 net/core/sock_diag.c:263\n    netlink_rcv_skb+0x172/0x440 net/netlink/af_netlink.c:2477\n    sock_diag_rcv+0x2a/0x40 net/core/sock_diag.c:274\n\nThis issue occurs when asoc is peeled off and the old sk is freed after\ngetting it by asoc-\u003ebase.sk and before calling lock_sock(sk).\n\nTo prevent the sk free, as a holder of the sk, ep should be alive when\ncalling lock_sock(). This patch uses call_rcu() and moves sock_put and\nep free into sctp_endpoint_destroy_rcu(), so that it\u0027s safe to try to\nhold the ep under rcu_read_lock in sctp_transport_traverse_process().\n\nIf sctp_endpoint_hold() returns true, it means this ep is still alive\nand we have held it and can continue to dump it; If it returns false,\nit means this ep is dead and can be freed after rcu_read_unlock, and\nwe should skip it.\n\nIn sctp_sock_dump(), after locking the sk, if this ep is different from\ntsp-\u003easoc-\u003eep, it means during this dumping, this asoc was peeled off\nbefore calling lock_sock(), and the sk should be skipped; If this ep is\nthe same with tsp-\u003easoc-\u003eep, it means no peeloff happens on this asoc,\nand due to lock_sock, no peeloff will happen either until release_sock.\n\nNote that delaying endpoint free won\u0027t delay the port release, as the\nport release happens in sctp_endpoint_destroy() before calling call_rcu().\nAlso, freeing endpoint by call_rcu() makes it safe to access the sk by\nasoc-\u003ebase.sk in sctp_assocs_seq_show() and sctp_rcv().\n\nThanks Jones to bring this issue up.\n\nv1-\u003ev2:\n  - improve the changelog.\n  - add kfree(ep) into sctp_endpoint_destroy_rcu(), as Jakub noticed."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T13:44:37.844Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/8873140f95d4977bf37e4cf0d5c5e3f6e34cdd3e"
        },
        {
          "url": "https://git.kernel.org/stable/c/af6e6e58f7ebf86b4e7201694b1e4f3a62cbc3ec"
        },
        {
          "url": "https://git.kernel.org/stable/c/831de271452b87657fcf8d715ee20519b79caef5"
        },
        {
          "url": "https://git.kernel.org/stable/c/769d14abd35e0e153b5149c3e1e989a9d719e3ff"
        },
        {
          "url": "https://git.kernel.org/stable/c/75799e71df1da11394740b43ae5686646179561d"
        },
        {
          "url": "https://git.kernel.org/stable/c/5ec7d18d1813a5bead0b495045606c93873aecbb"
        }
      ],
      "title": "sctp: use call_rcu to free endpoint",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-46929",
    "datePublished": "2024-02-27T09:43:58.047Z",
    "dateReserved": "2024-02-25T13:45:52.720Z",
    "dateUpdated": "2026-05-11T13:44:37.844Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-46930 (GCVE-0-2021-46930)

Vulnerability from cvelistv5 – Published: 2024-02-27 09:43 – Updated: 2026-05-11 13:44

Title

usb: mtu3: fix list_head check warning

Summary

In the Linux kernel, the following vulnerability has been resolved: usb: mtu3: fix list_head check warning This is caused by uninitialization of list_head. BUG: KASAN: use-after-free in __list_del_entry_valid+0x34/0xe4 Call trace: dump_backtrace+0x0/0x298 show_stack+0x24/0x34 dump_stack+0x130/0x1a8 print_address_description+0x88/0x56c __kasan_report+0x1b8/0x2a0 kasan_report+0x14/0x20 __asan_load8+0x9c/0xa0 __list_del_entry_valid+0x34/0xe4 mtu3_req_complete+0x4c/0x300 [mtu3] mtu3_gadget_stop+0x168/0x448 [mtu3] usb_gadget_unregister_driver+0x204/0x3a0 unregister_gadget_item+0x44/0xa4

Severity

No CVSS data available.

Assigner

Linux

References

4 references

URL	Tags
https://git.kernel.org/stable/c/585e2b244dda7ea73…
https://git.kernel.org/stable/c/3b6efe0b7ba03cc2a…
https://git.kernel.org/stable/c/249ddfbe00570d6dc…
https://git.kernel.org/stable/c/8c313e3bfd9adae8d…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 83374e035b6286731c5aa617844c7b724294c2a7 , < 585e2b244dda7ea733274e4b8fa27853d625d3bf (git) Affected: 83374e035b6286731c5aa617844c7b724294c2a7 , < 3b6efe0b7ba03cc2acf0694b46d6ff33c5b4c295 (git) Affected: 83374e035b6286731c5aa617844c7b724294c2a7 , < 249ddfbe00570d6dc76208e88017937d4d374c79 (git) Affected: 83374e035b6286731c5aa617844c7b724294c2a7 , < 8c313e3bfd9adae8d5c4ba1cc696dcbc86fbf9bf (git)
Linux	Linux	Affected: 5.2 Unaffected: 0 , < 5.2 (semver) Unaffected: 5.4.170 , ≤ 5.4.* (semver) Unaffected: 5.10.90 , ≤ 5.10.* (semver) Unaffected: 5.15.13 , ≤ 5.15.* (semver) Unaffected: 5.16 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-46930",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-27T20:52:42.615834Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:22:03.494Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:17:42.987Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/585e2b244dda7ea733274e4b8fa27853d625d3bf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3b6efe0b7ba03cc2acf0694b46d6ff33c5b4c295"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/249ddfbe00570d6dc76208e88017937d4d374c79"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8c313e3bfd9adae8d5c4ba1cc696dcbc86fbf9bf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/mtu3/mtu3_gadget.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "585e2b244dda7ea733274e4b8fa27853d625d3bf",
              "status": "affected",
              "version": "83374e035b6286731c5aa617844c7b724294c2a7",
              "versionType": "git"
            },
            {
              "lessThan": "3b6efe0b7ba03cc2acf0694b46d6ff33c5b4c295",
              "status": "affected",
              "version": "83374e035b6286731c5aa617844c7b724294c2a7",
              "versionType": "git"
            },
            {
              "lessThan": "249ddfbe00570d6dc76208e88017937d4d374c79",
              "status": "affected",
              "version": "83374e035b6286731c5aa617844c7b724294c2a7",
              "versionType": "git"
            },
            {
              "lessThan": "8c313e3bfd9adae8d5c4ba1cc696dcbc86fbf9bf",
              "status": "affected",
              "version": "83374e035b6286731c5aa617844c7b724294c2a7",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/mtu3/mtu3_gadget.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.2"
            },
            {
              "lessThan": "5.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.170",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.90",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.170",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.90",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.13",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.16",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: mtu3: fix list_head check warning\n\nThis is caused by uninitialization of list_head.\n\nBUG: KASAN: use-after-free in __list_del_entry_valid+0x34/0xe4\n\nCall trace:\ndump_backtrace+0x0/0x298\nshow_stack+0x24/0x34\ndump_stack+0x130/0x1a8\nprint_address_description+0x88/0x56c\n__kasan_report+0x1b8/0x2a0\nkasan_report+0x14/0x20\n__asan_load8+0x9c/0xa0\n__list_del_entry_valid+0x34/0xe4\nmtu3_req_complete+0x4c/0x300 [mtu3]\nmtu3_gadget_stop+0x168/0x448 [mtu3]\nusb_gadget_unregister_driver+0x204/0x3a0\nunregister_gadget_item+0x44/0xa4"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T13:44:38.962Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/585e2b244dda7ea733274e4b8fa27853d625d3bf"
        },
        {
          "url": "https://git.kernel.org/stable/c/3b6efe0b7ba03cc2acf0694b46d6ff33c5b4c295"
        },
        {
          "url": "https://git.kernel.org/stable/c/249ddfbe00570d6dc76208e88017937d4d374c79"
        },
        {
          "url": "https://git.kernel.org/stable/c/8c313e3bfd9adae8d5c4ba1cc696dcbc86fbf9bf"
        }
      ],
      "title": "usb: mtu3: fix list_head check warning",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-46930",
    "datePublished": "2024-02-27T09:43:58.710Z",
    "dateReserved": "2024-02-25T13:45:52.720Z",
    "dateUpdated": "2026-05-11T13:44:38.962Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-46931 (GCVE-0-2021-46931)

Vulnerability from cvelistv5 – Published: 2024-02-27 09:43 – Updated: 2026-05-11 13:44

Title

net/mlx5e: Wrap the tx reporter dump callback to extract the sq

Summary

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Wrap the tx reporter dump callback to extract the sq Function mlx5e_tx_reporter_dump_sq() casts its void * argument to struct mlx5e_txqsq *, but in TX-timeout-recovery flow the argument is actually of type struct mlx5e_tx_timeout_ctx *. mlx5_core 0000:08:00.1 enp8s0f1: TX timeout detected mlx5_core 0000:08:00.1 enp8s0f1: TX timeout on queue: 1, SQ: 0x11ec, CQ: 0x146d, SQ Cons: 0x0 SQ Prod: 0x1, usecs since last trans: 21565000 BUG: stack guard page was hit at 0000000093f1a2de (stack is 00000000b66ea0dc..000000004d932dae) kernel stack overflow (page fault): 0000 [#1] SMP NOPTI CPU: 5 PID: 95 Comm: kworker/u20:1 Tainted: G W OE 5.13.0_mlnx #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 Workqueue: mlx5e mlx5e_tx_timeout_work [mlx5_core] RIP: 0010:mlx5e_tx_reporter_dump_sq+0xd3/0x180 [mlx5_core] Call Trace: mlx5e_tx_reporter_dump+0x43/0x1c0 [mlx5_core] devlink_health_do_dump.part.91+0x71/0xd0 devlink_health_report+0x157/0x1b0 mlx5e_reporter_tx_timeout+0xb9/0xf0 [mlx5_core] ? mlx5e_tx_reporter_err_cqe_recover+0x1d0/0x1d0 [mlx5_core] ? mlx5e_health_queue_dump+0xd0/0xd0 [mlx5_core] ? update_load_avg+0x19b/0x550 ? set_next_entity+0x72/0x80 ? pick_next_task_fair+0x227/0x340 ? finish_task_switch+0xa2/0x280 mlx5e_tx_timeout_work+0x83/0xb0 [mlx5_core] process_one_work+0x1de/0x3a0 worker_thread+0x2d/0x3c0 ? process_one_work+0x3a0/0x3a0 kthread+0x115/0x130 ? kthread_park+0x90/0x90 ret_from_fork+0x1f/0x30 --[ end trace 51ccabea504edaff ]--- RIP: 0010:mlx5e_tx_reporter_dump_sq+0xd3/0x180 PKRU: 55555554 Kernel panic - not syncing: Fatal exception Kernel Offset: disabled end Kernel panic - not syncing: Fatal exception To fix this bug add a wrapper for mlx5e_tx_reporter_dump_sq() which extracts the sq from struct mlx5e_tx_timeout_ctx and set it as the TX-timeout-recovery flow dump callback.

Severity

No CVSS data available.

Assigner

Linux

References

3 references

URL	Tags
https://git.kernel.org/stable/c/73665165b64a8f3c5…
https://git.kernel.org/stable/c/07f13d58a8ecc3baf…
https://git.kernel.org/stable/c/918fc3855a6507a20…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 5f29458b77d51c104554575b73184c243930aa87 , < 73665165b64a8f3c5b3534009a69be55bb744f05 (git) Affected: 5f29458b77d51c104554575b73184c243930aa87 , < 07f13d58a8ecc3baf9a488588fb38c5cb0db484f (git) Affected: 5f29458b77d51c104554575b73184c243930aa87 , < 918fc3855a6507a200e9cf22c20be852c0982687 (git)
Linux	Linux	Affected: 5.7 Unaffected: 0 , < 5.7 (semver) Unaffected: 5.10.90 , ≤ 5.10.* (semver) Unaffected: 5.15.13 , ≤ 5.15.* (semver) Unaffected: 5.16 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-46931",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-26T20:41:09.616105Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-26T20:41:36.460Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:17:42.989Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/73665165b64a8f3c5b3534009a69be55bb744f05"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/07f13d58a8ecc3baf9a488588fb38c5cb0db484f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/918fc3855a6507a200e9cf22c20be852c0982687"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlx5/core/en/reporter_tx.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "73665165b64a8f3c5b3534009a69be55bb744f05",
              "status": "affected",
              "version": "5f29458b77d51c104554575b73184c243930aa87",
              "versionType": "git"
            },
            {
              "lessThan": "07f13d58a8ecc3baf9a488588fb38c5cb0db484f",
              "status": "affected",
              "version": "5f29458b77d51c104554575b73184c243930aa87",
              "versionType": "git"
            },
            {
              "lessThan": "918fc3855a6507a200e9cf22c20be852c0982687",
              "status": "affected",
              "version": "5f29458b77d51c104554575b73184c243930aa87",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlx5/core/en/reporter_tx.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.7"
            },
            {
              "lessThan": "5.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.90",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.90",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.13",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.16",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Wrap the tx reporter dump callback to extract the sq\n\nFunction mlx5e_tx_reporter_dump_sq() casts its void * argument to struct\nmlx5e_txqsq *, but in TX-timeout-recovery flow the argument is actually\nof type struct mlx5e_tx_timeout_ctx *.\n\n mlx5_core 0000:08:00.1 enp8s0f1: TX timeout detected\n mlx5_core 0000:08:00.1 enp8s0f1: TX timeout on queue: 1, SQ: 0x11ec, CQ: 0x146d, SQ Cons: 0x0 SQ Prod: 0x1, usecs since last trans: 21565000\n BUG: stack guard page was hit at 0000000093f1a2de (stack is 00000000b66ea0dc..000000004d932dae)\n kernel stack overflow (page fault): 0000 [#1] SMP NOPTI\n CPU: 5 PID: 95 Comm: kworker/u20:1 Tainted: G W OE 5.13.0_mlnx #1\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n Workqueue: mlx5e mlx5e_tx_timeout_work [mlx5_core]\n RIP: 0010:mlx5e_tx_reporter_dump_sq+0xd3/0x180\n [mlx5_core]\n Call Trace:\n mlx5e_tx_reporter_dump+0x43/0x1c0 [mlx5_core]\n devlink_health_do_dump.part.91+0x71/0xd0\n devlink_health_report+0x157/0x1b0\n mlx5e_reporter_tx_timeout+0xb9/0xf0 [mlx5_core]\n ? mlx5e_tx_reporter_err_cqe_recover+0x1d0/0x1d0\n [mlx5_core]\n ? mlx5e_health_queue_dump+0xd0/0xd0 [mlx5_core]\n ? update_load_avg+0x19b/0x550\n ? set_next_entity+0x72/0x80\n ? pick_next_task_fair+0x227/0x340\n ? finish_task_switch+0xa2/0x280\n   mlx5e_tx_timeout_work+0x83/0xb0 [mlx5_core]\n   process_one_work+0x1de/0x3a0\n   worker_thread+0x2d/0x3c0\n ? process_one_work+0x3a0/0x3a0\n   kthread+0x115/0x130\n ? kthread_park+0x90/0x90\n   ret_from_fork+0x1f/0x30\n --[ end trace 51ccabea504edaff ]---\n RIP: 0010:mlx5e_tx_reporter_dump_sq+0xd3/0x180\n PKRU: 55555554\n Kernel panic - not syncing: Fatal exception\n Kernel Offset: disabled\n end Kernel panic - not syncing: Fatal exception\n\nTo fix this bug add a wrapper for mlx5e_tx_reporter_dump_sq() which\nextracts the sq from struct mlx5e_tx_timeout_ctx and set it as the\nTX-timeout-recovery flow dump callback."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T13:44:40.177Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/73665165b64a8f3c5b3534009a69be55bb744f05"
        },
        {
          "url": "https://git.kernel.org/stable/c/07f13d58a8ecc3baf9a488588fb38c5cb0db484f"
        },
        {
          "url": "https://git.kernel.org/stable/c/918fc3855a6507a200e9cf22c20be852c0982687"
        }
      ],
      "title": "net/mlx5e: Wrap the tx reporter dump callback to extract the sq",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-46931",
    "datePublished": "2024-02-27T09:43:59.373Z",
    "dateReserved": "2024-02-25T13:45:52.720Z",
    "dateUpdated": "2026-05-11T13:44:40.177Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-46933 (GCVE-0-2021-46933)

Vulnerability from cvelistv5 – Published: 2024-02-27 09:44 – Updated: 2026-05-11 13:44

Title

usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear.

Summary

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear. ffs_data_clear is indirectly called from both ffs_fs_kill_sb and ffs_ep0_release, so it ends up being called twice when userland closes ep0 and then unmounts f_fs. If userland provided an eventfd along with function's USB descriptors, it ends up calling eventfd_ctx_put as many times, causing a refcount underflow. NULL-ify ffs_eventfd to prevent these extraneous eventfd_ctx_put calls. Also, set epfiles to NULL right after de-allocating it, for readability. For completeness, ffs_data_clear actually ends up being called thrice, the last call being before the whole ffs structure gets freed, so when this specific sequence happens there is a second underflow happening (but not being reported): /sys/kernel/debug/tracing# modprobe usb_f_fs /sys/kernel/debug/tracing# echo ffs_data_clear > set_ftrace_filter /sys/kernel/debug/tracing# echo function > current_tracer /sys/kernel/debug/tracing# echo 1 > tracing_on (setup gadget, run and kill function userland process, teardown gadget) /sys/kernel/debug/tracing# echo 0 > tracing_on /sys/kernel/debug/tracing# cat trace smartcard-openp-436 [000] ..... 1946.208786: ffs_data_clear <-ffs_data_closed smartcard-openp-431 [000] ..... 1946.279147: ffs_data_clear <-ffs_data_closed smartcard-openp-431 [000] .n... 1946.905512: ffs_data_clear <-ffs_data_put Warning output corresponding to above trace: [ 1946.284139] WARNING: CPU: 0 PID: 431 at lib/refcount.c:28 refcount_warn_saturate+0x110/0x15c [ 1946.293094] refcount_t: underflow; use-after-free. [ 1946.298164] Modules linked in: usb_f_ncm(E) u_ether(E) usb_f_fs(E) hci_uart(E) btqca(E) btrtl(E) btbcm(E) btintel(E) bluetooth(E) nls_ascii(E) nls_cp437(E) vfat(E) fat(E) bcm2835_v4l2(CE) bcm2835_mmal_vchiq(CE) videobuf2_vmalloc(E) videobuf2_memops(E) sha512_generic(E) videobuf2_v4l2(E) sha512_arm(E) videobuf2_common(E) videodev(E) cpufreq_dt(E) snd_bcm2835(CE) brcmfmac(E) mc(E) vc4(E) ctr(E) brcmutil(E) snd_soc_core(E) snd_pcm_dmaengine(E) drbg(E) snd_pcm(E) snd_timer(E) snd(E) soundcore(E) drm_kms_helper(E) cec(E) ansi_cprng(E) rc_core(E) syscopyarea(E) raspberrypi_cpufreq(E) sysfillrect(E) sysimgblt(E) cfg80211(E) max17040_battery(OE) raspberrypi_hwmon(E) fb_sys_fops(E) regmap_i2c(E) ecdh_generic(E) rfkill(E) ecc(E) bcm2835_rng(E) rng_core(E) vchiq(CE) leds_gpio(E) libcomposite(E) fuse(E) configfs(E) ip_tables(E) x_tables(E) autofs4(E) ext4(E) crc16(E) mbcache(E) jbd2(E) crc32c_generic(E) sdhci_iproc(E) sdhci_pltfm(E) sdhci(E) [ 1946.399633] CPU: 0 PID: 431 Comm: smartcard-openp Tainted: G C OE 5.15.0-1-rpi #1 Debian 5.15.3-1 [ 1946.417950] Hardware name: BCM2835 [ 1946.425442] Backtrace: [ 1946.432048] [<c08d60a0>] (dump_backtrace) from [<c08d62ec>] (show_stack+0x20/0x24) [ 1946.448226] r7:00000009 r6:0000001c r5:c04a948c r4:c0a64e2c [ 1946.458412] [<c08d62cc>] (show_stack) from [<c08d9ae0>] (dump_stack+0x28/0x30) [ 1946.470380] [<c08d9ab8>] (dump_stack) from [<c0123500>] (__warn+0xe8/0x154) [ 1946.482067] r5:c04a948c r4:c0a71dc8 [ 1946.490184] [<c0123418>] (__warn) from [<c08d6948>] (warn_slowpath_fmt+0xa0/0xe4) [ 1946.506758] r7:00000009 r6:0000001c r5:c0a71dc8 r4:c0a71e04 [ 1946.517070] [<c08d68ac>] (warn_slowpath_fmt) from [<c04a948c>] (refcount_warn_saturate+0x110/0x15c) [ 1946.535309] r8:c0100224 r7:c0dfcb84 r6:ffffffff r5:c3b84c00 r4:c24a17c0 [ 1946.546708] [<c04a937c>] (refcount_warn_saturate) from [<c0380134>] (eventfd_ctx_put+0x48/0x74) [ 1946.564476] [<c03800ec>] (eventfd_ctx_put) from [<bf5464e8>] (ffs_data_clear+0xd0/0x118 [usb_f_fs]) [ 1946.582664] r5:c3b84c00 r4:c2695b00 [ 1946.590668] [<bf546418>] (ffs_data_clear [usb_f_fs]) from [<bf547cc0>] (ffs_data_closed+0x9c/0x150 [usb_f_fs]) [ 1946.609608] r5:bf54d014 r4:c2695b00 [ 1946.617522] [<bf547c24>] (ffs_data_closed [usb_f_fs]) from [<bf547da0>] (ffs_fs_kill_sb+0x2c/0x30 [usb_f_fs]) [ 1946.636217] r7:c0dfcb ---truncated---

Severity

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-476 - NULL Pointer Dereference

Assigner

Linux

References

8 references

URL	Tags
https://git.kernel.org/stable/c/f976dd7011150244a…
https://git.kernel.org/stable/c/cc8c8028c21b2a384…
https://git.kernel.org/stable/c/52500239e3f2d6fc7…
https://git.kernel.org/stable/c/33f6a0cbb7772146e…
https://git.kernel.org/stable/c/240fc586e83d64591…
https://git.kernel.org/stable/c/1c4ace3e6b8575745…
https://git.kernel.org/stable/c/ebef2aa29f370b509…
https://git.kernel.org/stable/c/b1e0887379422975f…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 5e33f6fdf735cda1d4580fe6f1878da05718fe73 , < f976dd7011150244a7ba820f2c331e9fb253befa (git) Affected: 5e33f6fdf735cda1d4580fe6f1878da05718fe73 , < cc8c8028c21b2a3842a1e98e99e55028df275919 (git) Affected: 5e33f6fdf735cda1d4580fe6f1878da05718fe73 , < 52500239e3f2d6fc77b6f58632a9fb98fe74ac09 (git) Affected: 5e33f6fdf735cda1d4580fe6f1878da05718fe73 , < 33f6a0cbb7772146e1c11f38028fffbfed14728b (git) Affected: 5e33f6fdf735cda1d4580fe6f1878da05718fe73 , < 240fc586e83d645912accce081a48aa63a45f6ee (git) Affected: 5e33f6fdf735cda1d4580fe6f1878da05718fe73 , < 1c4ace3e6b8575745c50dca9e76e0021e697d645 (git) Affected: 5e33f6fdf735cda1d4580fe6f1878da05718fe73 , < ebef2aa29f370b5096c16020c104e393192ef684 (git) Affected: 5e33f6fdf735cda1d4580fe6f1878da05718fe73 , < b1e0887379422975f237d43d8839b751a6bcf154 (git)
Linux	Linux	Affected: 4.0 Unaffected: 0 , < 4.0 (semver) Unaffected: 4.4.298 , ≤ 4.4.* (semver) Unaffected: 4.9.296 , ≤ 4.9.* (semver) Unaffected: 4.14.261 , ≤ 4.14.* (semver) Unaffected: 4.19.224 , ≤ 4.19.* (semver) Unaffected: 5.4.170 , ≤ 5.4.* (semver) Unaffected: 5.10.90 , ≤ 5.10.* (semver) Unaffected: 5.15.13 , ≤ 5.15.* (semver) Unaffected: 5.16 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-46933",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-22T16:12:25.365291Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-476",
                "description": "CWE-476 NULL Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-22T16:12:28.882Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:17:43.071Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f976dd7011150244a7ba820f2c331e9fb253befa"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cc8c8028c21b2a3842a1e98e99e55028df275919"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/52500239e3f2d6fc77b6f58632a9fb98fe74ac09"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/33f6a0cbb7772146e1c11f38028fffbfed14728b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/240fc586e83d645912accce081a48aa63a45f6ee"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1c4ace3e6b8575745c50dca9e76e0021e697d645"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ebef2aa29f370b5096c16020c104e393192ef684"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b1e0887379422975f237d43d8839b751a6bcf154"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/gadget/function/f_fs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f976dd7011150244a7ba820f2c331e9fb253befa",
              "status": "affected",
              "version": "5e33f6fdf735cda1d4580fe6f1878da05718fe73",
              "versionType": "git"
            },
            {
              "lessThan": "cc8c8028c21b2a3842a1e98e99e55028df275919",
              "status": "affected",
              "version": "5e33f6fdf735cda1d4580fe6f1878da05718fe73",
              "versionType": "git"
            },
            {
              "lessThan": "52500239e3f2d6fc77b6f58632a9fb98fe74ac09",
              "status": "affected",
              "version": "5e33f6fdf735cda1d4580fe6f1878da05718fe73",
              "versionType": "git"
            },
            {
              "lessThan": "33f6a0cbb7772146e1c11f38028fffbfed14728b",
              "status": "affected",
              "version": "5e33f6fdf735cda1d4580fe6f1878da05718fe73",
              "versionType": "git"
            },
            {
              "lessThan": "240fc586e83d645912accce081a48aa63a45f6ee",
              "status": "affected",
              "version": "5e33f6fdf735cda1d4580fe6f1878da05718fe73",
              "versionType": "git"
            },
            {
              "lessThan": "1c4ace3e6b8575745c50dca9e76e0021e697d645",
              "status": "affected",
              "version": "5e33f6fdf735cda1d4580fe6f1878da05718fe73",
              "versionType": "git"
            },
            {
              "lessThan": "ebef2aa29f370b5096c16020c104e393192ef684",
              "status": "affected",
              "version": "5e33f6fdf735cda1d4580fe6f1878da05718fe73",
              "versionType": "git"
            },
            {
              "lessThan": "b1e0887379422975f237d43d8839b751a6bcf154",
              "status": "affected",
              "version": "5e33f6fdf735cda1d4580fe6f1878da05718fe73",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/gadget/function/f_fs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.0"
            },
            {
              "lessThan": "4.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.4.*",
              "status": "unaffected",
              "version": "4.4.298",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.9.*",
              "status": "unaffected",
              "version": "4.9.296",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.261",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.224",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.170",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.90",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.4.298",
                  "versionStartIncluding": "4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.9.296",
                  "versionStartIncluding": "4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.261",
                  "versionStartIncluding": "4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.224",
                  "versionStartIncluding": "4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.170",
                  "versionStartIncluding": "4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.90",
                  "versionStartIncluding": "4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.13",
                  "versionStartIncluding": "4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.16",
                  "versionStartIncluding": "4.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear.\n\nffs_data_clear is indirectly called from both ffs_fs_kill_sb and\nffs_ep0_release, so it ends up being called twice when userland closes ep0\nand then unmounts f_fs.\nIf userland provided an eventfd along with function\u0027s USB descriptors, it\nends up calling eventfd_ctx_put as many times, causing a refcount\nunderflow.\nNULL-ify ffs_eventfd to prevent these extraneous eventfd_ctx_put calls.\n\nAlso, set epfiles to NULL right after de-allocating it, for readability.\n\nFor completeness, ffs_data_clear actually ends up being called thrice, the\nlast call being before the whole ffs structure gets freed, so when this\nspecific sequence happens there is a second underflow happening (but not\nbeing reported):\n\n/sys/kernel/debug/tracing# modprobe usb_f_fs\n/sys/kernel/debug/tracing# echo ffs_data_clear \u003e set_ftrace_filter\n/sys/kernel/debug/tracing# echo function \u003e current_tracer\n/sys/kernel/debug/tracing# echo 1 \u003e tracing_on\n(setup gadget, run and kill function userland process, teardown gadget)\n/sys/kernel/debug/tracing# echo 0 \u003e tracing_on\n/sys/kernel/debug/tracing# cat trace\n smartcard-openp-436     [000] .....  1946.208786: ffs_data_clear \u003c-ffs_data_closed\n smartcard-openp-431     [000] .....  1946.279147: ffs_data_clear \u003c-ffs_data_closed\n smartcard-openp-431     [000] .n...  1946.905512: ffs_data_clear \u003c-ffs_data_put\n\nWarning output corresponding to above trace:\n[ 1946.284139] WARNING: CPU: 0 PID: 431 at lib/refcount.c:28 refcount_warn_saturate+0x110/0x15c\n[ 1946.293094] refcount_t: underflow; use-after-free.\n[ 1946.298164] Modules linked in: usb_f_ncm(E) u_ether(E) usb_f_fs(E) hci_uart(E) btqca(E) btrtl(E) btbcm(E) btintel(E) bluetooth(E) nls_ascii(E) nls_cp437(E) vfat(E) fat(E) bcm2835_v4l2(CE) bcm2835_mmal_vchiq(CE) videobuf2_vmalloc(E) videobuf2_memops(E) sha512_generic(E) videobuf2_v4l2(E) sha512_arm(E) videobuf2_common(E) videodev(E) cpufreq_dt(E) snd_bcm2835(CE) brcmfmac(E) mc(E) vc4(E) ctr(E) brcmutil(E) snd_soc_core(E) snd_pcm_dmaengine(E) drbg(E) snd_pcm(E) snd_timer(E) snd(E) soundcore(E) drm_kms_helper(E) cec(E) ansi_cprng(E) rc_core(E) syscopyarea(E) raspberrypi_cpufreq(E) sysfillrect(E) sysimgblt(E) cfg80211(E) max17040_battery(OE) raspberrypi_hwmon(E) fb_sys_fops(E) regmap_i2c(E) ecdh_generic(E) rfkill(E) ecc(E) bcm2835_rng(E) rng_core(E) vchiq(CE) leds_gpio(E) libcomposite(E) fuse(E) configfs(E) ip_tables(E) x_tables(E) autofs4(E) ext4(E) crc16(E) mbcache(E) jbd2(E) crc32c_generic(E) sdhci_iproc(E) sdhci_pltfm(E) sdhci(E)\n[ 1946.399633] CPU: 0 PID: 431 Comm: smartcard-openp Tainted: G         C OE     5.15.0-1-rpi #1  Debian 5.15.3-1\n[ 1946.417950] Hardware name: BCM2835\n[ 1946.425442] Backtrace:\n[ 1946.432048] [\u003cc08d60a0\u003e] (dump_backtrace) from [\u003cc08d62ec\u003e] (show_stack+0x20/0x24)\n[ 1946.448226]  r7:00000009 r6:0000001c r5:c04a948c r4:c0a64e2c\n[ 1946.458412] [\u003cc08d62cc\u003e] (show_stack) from [\u003cc08d9ae0\u003e] (dump_stack+0x28/0x30)\n[ 1946.470380] [\u003cc08d9ab8\u003e] (dump_stack) from [\u003cc0123500\u003e] (__warn+0xe8/0x154)\n[ 1946.482067]  r5:c04a948c r4:c0a71dc8\n[ 1946.490184] [\u003cc0123418\u003e] (__warn) from [\u003cc08d6948\u003e] (warn_slowpath_fmt+0xa0/0xe4)\n[ 1946.506758]  r7:00000009 r6:0000001c r5:c0a71dc8 r4:c0a71e04\n[ 1946.517070] [\u003cc08d68ac\u003e] (warn_slowpath_fmt) from [\u003cc04a948c\u003e] (refcount_warn_saturate+0x110/0x15c)\n[ 1946.535309]  r8:c0100224 r7:c0dfcb84 r6:ffffffff r5:c3b84c00 r4:c24a17c0\n[ 1946.546708] [\u003cc04a937c\u003e] (refcount_warn_saturate) from [\u003cc0380134\u003e] (eventfd_ctx_put+0x48/0x74)\n[ 1946.564476] [\u003cc03800ec\u003e] (eventfd_ctx_put) from [\u003cbf5464e8\u003e] (ffs_data_clear+0xd0/0x118 [usb_f_fs])\n[ 1946.582664]  r5:c3b84c00 r4:c2695b00\n[ 1946.590668] [\u003cbf546418\u003e] (ffs_data_clear [usb_f_fs]) from [\u003cbf547cc0\u003e] (ffs_data_closed+0x9c/0x150 [usb_f_fs])\n[ 1946.609608]  r5:bf54d014 r4:c2695b00\n[ 1946.617522] [\u003cbf547c24\u003e] (ffs_data_closed [usb_f_fs]) from [\u003cbf547da0\u003e] (ffs_fs_kill_sb+0x2c/0x30 [usb_f_fs])\n[ 1946.636217]  r7:c0dfcb\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T13:44:42.774Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f976dd7011150244a7ba820f2c331e9fb253befa"
        },
        {
          "url": "https://git.kernel.org/stable/c/cc8c8028c21b2a3842a1e98e99e55028df275919"
        },
        {
          "url": "https://git.kernel.org/stable/c/52500239e3f2d6fc77b6f58632a9fb98fe74ac09"
        },
        {
          "url": "https://git.kernel.org/stable/c/33f6a0cbb7772146e1c11f38028fffbfed14728b"
        },
        {
          "url": "https://git.kernel.org/stable/c/240fc586e83d645912accce081a48aa63a45f6ee"
        },
        {
          "url": "https://git.kernel.org/stable/c/1c4ace3e6b8575745c50dca9e76e0021e697d645"
        },
        {
          "url": "https://git.kernel.org/stable/c/ebef2aa29f370b5096c16020c104e393192ef684"
        },
        {
          "url": "https://git.kernel.org/stable/c/b1e0887379422975f237d43d8839b751a6bcf154"
        }
      ],
      "title": "usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear.",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-46933",
    "datePublished": "2024-02-27T09:44:00.758Z",
    "dateReserved": "2024-02-25T13:45:52.720Z",
    "dateUpdated": "2026-05-11T13:44:42.774Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-46934 (GCVE-0-2021-46934)

Vulnerability from cvelistv5 – Published: 2024-02-27 09:44 – Updated: 2026-05-11 13:44

Title

i2c: validate user data in compat ioctl

Summary

In the Linux kernel, the following vulnerability has been resolved: i2c: validate user data in compat ioctl Wrong user data may cause warning in i2c_transfer(), ex: zero msgs. Userspace should not be able to trigger warnings, so this patch adds validation checks for user data in compact ioctl to prevent reported warnings

Severity

No CVSS data available.

Assigner

Linux

References

5 references

URL	Tags
https://git.kernel.org/stable/c/407c8708fb1bf2d4a…
https://git.kernel.org/stable/c/9e4a3f47eff476097…
https://git.kernel.org/stable/c/8d31cbab4c295d701…
https://git.kernel.org/stable/c/f68599581067e8a5a…
https://git.kernel.org/stable/c/bb436283e25aaf153…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 7d5cb45655f2e9e37ef75d18f50c0072ef14a38b , < 407c8708fb1bf2d4afc5337ef50635cf540c364b (git) Affected: 7d5cb45655f2e9e37ef75d18f50c0072ef14a38b , < 9e4a3f47eff476097e0c7faac04d1831fc70237d (git) Affected: 7d5cb45655f2e9e37ef75d18f50c0072ef14a38b , < 8d31cbab4c295d7010ebb729e9d02d0e9cece18f (git) Affected: 7d5cb45655f2e9e37ef75d18f50c0072ef14a38b , < f68599581067e8a5a8901ba9eb270b4519690e26 (git) Affected: 7d5cb45655f2e9e37ef75d18f50c0072ef14a38b , < bb436283e25aaf1533ce061605d23a9564447bdf (git)
Linux	Linux	Affected: 4.15 Unaffected: 0 , < 4.15 (semver) Unaffected: 4.19.224 , ≤ 4.19.* (semver) Unaffected: 5.4.170 , ≤ 5.4.* (semver) Unaffected: 5.10.90 , ≤ 5.10.* (semver) Unaffected: 5.15.13 , ≤ 5.15.* (semver) Unaffected: 5.16 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-46934",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-05T16:18:35.081460Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:21:06.191Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:17:42.874Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/407c8708fb1bf2d4afc5337ef50635cf540c364b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9e4a3f47eff476097e0c7faac04d1831fc70237d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8d31cbab4c295d7010ebb729e9d02d0e9cece18f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f68599581067e8a5a8901ba9eb270b4519690e26"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/bb436283e25aaf1533ce061605d23a9564447bdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/i2c/i2c-dev.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "407c8708fb1bf2d4afc5337ef50635cf540c364b",
              "status": "affected",
              "version": "7d5cb45655f2e9e37ef75d18f50c0072ef14a38b",
              "versionType": "git"
            },
            {
              "lessThan": "9e4a3f47eff476097e0c7faac04d1831fc70237d",
              "status": "affected",
              "version": "7d5cb45655f2e9e37ef75d18f50c0072ef14a38b",
              "versionType": "git"
            },
            {
              "lessThan": "8d31cbab4c295d7010ebb729e9d02d0e9cece18f",
              "status": "affected",
              "version": "7d5cb45655f2e9e37ef75d18f50c0072ef14a38b",
              "versionType": "git"
            },
            {
              "lessThan": "f68599581067e8a5a8901ba9eb270b4519690e26",
              "status": "affected",
              "version": "7d5cb45655f2e9e37ef75d18f50c0072ef14a38b",
              "versionType": "git"
            },
            {
              "lessThan": "bb436283e25aaf1533ce061605d23a9564447bdf",
              "status": "affected",
              "version": "7d5cb45655f2e9e37ef75d18f50c0072ef14a38b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/i2c/i2c-dev.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.15"
            },
            {
              "lessThan": "4.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.224",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.170",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.90",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.224",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.170",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.90",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.13",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.16",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: validate user data in compat ioctl\n\nWrong user data may cause warning in i2c_transfer(), ex: zero msgs.\nUserspace should not be able to trigger warnings, so this patch adds\nvalidation checks for user data in compact ioctl to prevent reported\nwarnings"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T13:44:43.916Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/407c8708fb1bf2d4afc5337ef50635cf540c364b"
        },
        {
          "url": "https://git.kernel.org/stable/c/9e4a3f47eff476097e0c7faac04d1831fc70237d"
        },
        {
          "url": "https://git.kernel.org/stable/c/8d31cbab4c295d7010ebb729e9d02d0e9cece18f"
        },
        {
          "url": "https://git.kernel.org/stable/c/f68599581067e8a5a8901ba9eb270b4519690e26"
        },
        {
          "url": "https://git.kernel.org/stable/c/bb436283e25aaf1533ce061605d23a9564447bdf"
        }
      ],
      "title": "i2c: validate user data in compat ioctl",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-46934",
    "datePublished": "2024-02-27T09:44:01.411Z",
    "dateReserved": "2024-02-25T13:45:52.720Z",
    "dateUpdated": "2026-05-11T13:44:43.916Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-46936 (GCVE-0-2021-46936)

Vulnerability from cvelistv5 – Published: 2024-02-27 09:44 – Updated: 2026-05-11 13:44

Title

net: fix use-after-free in tw_timer_handler

Summary

In the Linux kernel, the following vulnerability has been resolved: net: fix use-after-free in tw_timer_handler A real world panic issue was found as follow in Linux 5.4. BUG: unable to handle page fault for address: ffffde49a863de28 PGD 7e6fe62067 P4D 7e6fe62067 PUD 7e6fe63067 PMD f51e064067 PTE 0 RIP: 0010:tw_timer_handler+0x20/0x40 Call Trace: <IRQ> call_timer_fn+0x2b/0x120 run_timer_softirq+0x1ef/0x450 __do_softirq+0x10d/0x2b8 irq_exit+0xc7/0xd0 smp_apic_timer_interrupt+0x68/0x120 apic_timer_interrupt+0xf/0x20 This issue was also reported since 2017 in the thread [1], unfortunately, the issue was still can be reproduced after fixing DCCP. The ipv4_mib_exit_net is called before tcp_sk_exit_batch when a net namespace is destroyed since tcp_sk_ops is registered befrore ipv4_mib_ops, which means tcp_sk_ops is in the front of ipv4_mib_ops in the list of pernet_list. There will be a use-after-free on net->mib.net_statistics in tw_timer_handler after ipv4_mib_exit_net if there are some inflight time-wait timers. This bug is not introduced by commit f2bf415cfed7 ("mib: add net to NET_ADD_STATS_BH") since the net_statistics is a global variable instead of dynamic allocation and freeing. Actually, commit 61a7e26028b9 ("mib: put net statistics on struct net") introduces the bug since it put net statistics on struct net and free it when net namespace is destroyed. Moving init_ipv4_mibs() to the front of tcp_init() to fix this bug and replace pr_crit() with panic() since continuing is meaningless when init_ipv4_mibs() fails. [1] https://groups.google.com/g/syzkaller/c/p1tn-_Kc6l4/m/smuL_FMAAgAJ?pli=1

Severity

No CVSS data available.

Assigner

Linux

References

8 references

URL	Tags
https://git.kernel.org/stable/c/15579e1301f856ad9…
https://git.kernel.org/stable/c/e73164e89d1be5612…
https://git.kernel.org/stable/c/5c2fe20ad37ff5607…
https://git.kernel.org/stable/c/a8e1944b44f94f5c5…
https://git.kernel.org/stable/c/fe5838c22b986c119…
https://git.kernel.org/stable/c/2386e81a1d277f540…
https://git.kernel.org/stable/c/08eacbd141e2495d2…
https://git.kernel.org/stable/c/e22e45fc9e41bf9fc…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 61a7e26028b94805fd686a6dc9dbd9941f8f19b0 , < 15579e1301f856ad9385d720c9267c11032a5022 (git) Affected: 61a7e26028b94805fd686a6dc9dbd9941f8f19b0 , < e73164e89d1be561228a4534e1091369ee4ba41a (git) Affected: 61a7e26028b94805fd686a6dc9dbd9941f8f19b0 , < 5c2fe20ad37ff56070ae0acb34152333976929b4 (git) Affected: 61a7e26028b94805fd686a6dc9dbd9941f8f19b0 , < a8e1944b44f94f5c5f530e434c5eaee787254566 (git) Affected: 61a7e26028b94805fd686a6dc9dbd9941f8f19b0 , < fe5838c22b986c1190f1dce9aa09bf6a491c1a69 (git) Affected: 61a7e26028b94805fd686a6dc9dbd9941f8f19b0 , < 2386e81a1d277f540e1285565c9d41d531bb69d4 (git) Affected: 61a7e26028b94805fd686a6dc9dbd9941f8f19b0 , < 08eacbd141e2495d2fcdde84358a06c4f95cbb13 (git) Affected: 61a7e26028b94805fd686a6dc9dbd9941f8f19b0 , < e22e45fc9e41bf9fcc1e92cfb78eb92786728ef0 (git)
Linux	Linux	Affected: 2.6.27 Unaffected: 0 , < 2.6.27 (semver) Unaffected: 4.4.298 , ≤ 4.4.* (semver) Unaffected: 4.9.296 , ≤ 4.9.* (semver) Unaffected: 4.14.261 , ≤ 4.14.* (semver) Unaffected: 4.19.224 , ≤ 4.19.* (semver) Unaffected: 5.4.170 , ≤ 5.4.* (semver) Unaffected: 5.10.90 , ≤ 5.10.* (semver) Unaffected: 5.15.13 , ≤ 5.15.* (semver) Unaffected: 5.16 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:17:42.878Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/15579e1301f856ad9385d720c9267c11032a5022"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e73164e89d1be561228a4534e1091369ee4ba41a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5c2fe20ad37ff56070ae0acb34152333976929b4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a8e1944b44f94f5c5f530e434c5eaee787254566"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fe5838c22b986c1190f1dce9aa09bf6a491c1a69"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2386e81a1d277f540e1285565c9d41d531bb69d4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/08eacbd141e2495d2fcdde84358a06c4f95cbb13"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e22e45fc9e41bf9fcc1e92cfb78eb92786728ef0"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-46936",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:01:57.788399Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:18.637Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv4/af_inet.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "15579e1301f856ad9385d720c9267c11032a5022",
              "status": "affected",
              "version": "61a7e26028b94805fd686a6dc9dbd9941f8f19b0",
              "versionType": "git"
            },
            {
              "lessThan": "e73164e89d1be561228a4534e1091369ee4ba41a",
              "status": "affected",
              "version": "61a7e26028b94805fd686a6dc9dbd9941f8f19b0",
              "versionType": "git"
            },
            {
              "lessThan": "5c2fe20ad37ff56070ae0acb34152333976929b4",
              "status": "affected",
              "version": "61a7e26028b94805fd686a6dc9dbd9941f8f19b0",
              "versionType": "git"
            },
            {
              "lessThan": "a8e1944b44f94f5c5f530e434c5eaee787254566",
              "status": "affected",
              "version": "61a7e26028b94805fd686a6dc9dbd9941f8f19b0",
              "versionType": "git"
            },
            {
              "lessThan": "fe5838c22b986c1190f1dce9aa09bf6a491c1a69",
              "status": "affected",
              "version": "61a7e26028b94805fd686a6dc9dbd9941f8f19b0",
              "versionType": "git"
            },
            {
              "lessThan": "2386e81a1d277f540e1285565c9d41d531bb69d4",
              "status": "affected",
              "version": "61a7e26028b94805fd686a6dc9dbd9941f8f19b0",
              "versionType": "git"
            },
            {
              "lessThan": "08eacbd141e2495d2fcdde84358a06c4f95cbb13",
              "status": "affected",
              "version": "61a7e26028b94805fd686a6dc9dbd9941f8f19b0",
              "versionType": "git"
            },
            {
              "lessThan": "e22e45fc9e41bf9fcc1e92cfb78eb92786728ef0",
              "status": "affected",
              "version": "61a7e26028b94805fd686a6dc9dbd9941f8f19b0",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv4/af_inet.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.27"
            },
            {
              "lessThan": "2.6.27",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.4.*",
              "status": "unaffected",
              "version": "4.4.298",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.9.*",
              "status": "unaffected",
              "version": "4.9.296",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.261",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.224",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.170",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.90",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.4.298",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.9.296",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.261",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.224",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.170",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.90",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.13",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.16",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix use-after-free in tw_timer_handler\n\nA real world panic issue was found as follow in Linux 5.4.\n\n    BUG: unable to handle page fault for address: ffffde49a863de28\n    PGD 7e6fe62067 P4D 7e6fe62067 PUD 7e6fe63067 PMD f51e064067 PTE 0\n    RIP: 0010:tw_timer_handler+0x20/0x40\n    Call Trace:\n     \u003cIRQ\u003e\n     call_timer_fn+0x2b/0x120\n     run_timer_softirq+0x1ef/0x450\n     __do_softirq+0x10d/0x2b8\n     irq_exit+0xc7/0xd0\n     smp_apic_timer_interrupt+0x68/0x120\n     apic_timer_interrupt+0xf/0x20\n\nThis issue was also reported since 2017 in the thread [1],\nunfortunately, the issue was still can be reproduced after fixing\nDCCP.\n\nThe ipv4_mib_exit_net is called before tcp_sk_exit_batch when a net\nnamespace is destroyed since tcp_sk_ops is registered befrore\nipv4_mib_ops, which means tcp_sk_ops is in the front of ipv4_mib_ops\nin the list of pernet_list. There will be a use-after-free on\nnet-\u003emib.net_statistics in tw_timer_handler after ipv4_mib_exit_net\nif there are some inflight time-wait timers.\n\nThis bug is not introduced by commit f2bf415cfed7 (\"mib: add net to\nNET_ADD_STATS_BH\") since the net_statistics is a global variable\ninstead of dynamic allocation and freeing. Actually, commit\n61a7e26028b9 (\"mib: put net statistics on struct net\") introduces\nthe bug since it put net statistics on struct net and free it when\nnet namespace is destroyed.\n\nMoving init_ipv4_mibs() to the front of tcp_init() to fix this bug\nand replace pr_crit() with panic() since continuing is meaningless\nwhen init_ipv4_mibs() fails.\n\n[1] https://groups.google.com/g/syzkaller/c/p1tn-_Kc6l4/m/smuL_FMAAgAJ?pli=1"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T13:44:46.315Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/15579e1301f856ad9385d720c9267c11032a5022"
        },
        {
          "url": "https://git.kernel.org/stable/c/e73164e89d1be561228a4534e1091369ee4ba41a"
        },
        {
          "url": "https://git.kernel.org/stable/c/5c2fe20ad37ff56070ae0acb34152333976929b4"
        },
        {
          "url": "https://git.kernel.org/stable/c/a8e1944b44f94f5c5f530e434c5eaee787254566"
        },
        {
          "url": "https://git.kernel.org/stable/c/fe5838c22b986c1190f1dce9aa09bf6a491c1a69"
        },
        {
          "url": "https://git.kernel.org/stable/c/2386e81a1d277f540e1285565c9d41d531bb69d4"
        },
        {
          "url": "https://git.kernel.org/stable/c/08eacbd141e2495d2fcdde84358a06c4f95cbb13"
        },
        {
          "url": "https://git.kernel.org/stable/c/e22e45fc9e41bf9fcc1e92cfb78eb92786728ef0"
        }
      ],
      "title": "net: fix use-after-free in tw_timer_handler",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-46936",
    "datePublished": "2024-02-27T09:44:02.758Z",
    "dateReserved": "2024-02-25T13:45:52.720Z",
    "dateUpdated": "2026-05-11T13:44:46.315Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-47082 (GCVE-0-2021-47082)

Vulnerability from cvelistv5 – Published: 2024-03-04 18:06 – Updated: 2026-05-23 15:19

Title

tun: avoid double free in tun_free_netdev

Summary

In the Linux kernel, the following vulnerability has been resolved: tun: avoid double free in tun_free_netdev Avoid double free in tun_free_netdev() by moving the dev->tstats and tun->security allocs to a new ndo_init routine (tun_net_init()) that will be called by register_netdevice(). ndo_init is paired with the desctructor (tun_free_netdev()), so if there's an error in register_netdevice() the destructor will handle the frees. BUG: KASAN: double-free or invalid-free in selinux_tun_dev_free_security+0x1a/0x20 security/selinux/hooks.c:5605 CPU: 0 PID: 25750 Comm: syz-executor416 Not tainted 5.16.0-rc2-syzk #1 Hardware name: Red Hat KVM, BIOS Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x89/0xb5 lib/dump_stack.c:106 print_address_description.constprop.9+0x28/0x160 mm/kasan/report.c:247 kasan_report_invalid_free+0x55/0x80 mm/kasan/report.c:372 ____kasan_slab_free mm/kasan/common.c:346 [inline] __kasan_slab_free+0x107/0x120 mm/kasan/common.c:374 kasan_slab_free include/linux/kasan.h:235 [inline] slab_free_hook mm/slub.c:1723 [inline] slab_free_freelist_hook mm/slub.c:1749 [inline] slab_free mm/slub.c:3513 [inline] kfree+0xac/0x2d0 mm/slub.c:4561 selinux_tun_dev_free_security+0x1a/0x20 security/selinux/hooks.c:5605 security_tun_dev_free_security+0x4f/0x90 security/security.c:2342 tun_free_netdev+0xe6/0x150 drivers/net/tun.c:2215 netdev_run_todo+0x4df/0x840 net/core/dev.c:10627 rtnl_unlock+0x13/0x20 net/core/rtnetlink.c:112 __tun_chr_ioctl+0x80c/0x2870 drivers/net/tun.c:3302 tun_chr_ioctl+0x2f/0x40 drivers/net/tun.c:3311 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline] __x64_sys_ioctl+0x19d/0x220 fs/ioctl.c:860 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3a/0x80 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae

Severity

No CVSS data available.

Assigner

Linux

References

5 references

URL	Tags
https://git.kernel.org/stable/c/8eb43d635950e27c2…
https://git.kernel.org/stable/c/0c0e566f0387490d1…
https://git.kernel.org/stable/c/a01a4e9f5dc93335c…
https://git.kernel.org/stable/c/3cb5ae77799e8ed6e…
https://git.kernel.org/stable/c/158b515f703e75e7d…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 662ca437e714caaab855b12415d6ffd815985bc0 , < 8eb43d635950e27c29f1e9e49a23b31637f37757 (git) Affected: 662ca437e714caaab855b12415d6ffd815985bc0 , < 0c0e566f0387490d16f166808c72e9c772027681 (git) Affected: 662ca437e714caaab855b12415d6ffd815985bc0 , < a01a4e9f5dc93335c716fa4023b1901956e8c904 (git) Affected: 662ca437e714caaab855b12415d6ffd815985bc0 , < 3cb5ae77799e8ed6ec3fec0b6b4cd07f01650cc5 (git) Affected: 662ca437e714caaab855b12415d6ffd815985bc0 , < 158b515f703e75e7d68289bf4d98c664e1d632df (git) Affected: a81a02460bdf054ca0c60c5aed29941f7134092d (git) Affected: 6fc265f7a86d81e052508d03da555188f5882c3e (git) Affected: 3.10.16 , < 3.11 (semver) Affected: 3.11.5 , < 3.12 (semver)
Linux	Linux	Affected: 3.12 Unaffected: 0 , < 3.12 (semver) Unaffected: 4.19.280 , ≤ 4.19.* (semver) Unaffected: 5.4.240 , ≤ 5.4.* (semver) Unaffected: 5.10.136 , ≤ 5.10.* (semver) Unaffected: 5.15.12 , ≤ 5.15.* (semver) Unaffected: 5.16 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-47082",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-05T16:05:48.438280Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:14:25.499Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:24:39.695Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8eb43d635950e27c29f1e9e49a23b31637f37757"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0c0e566f0387490d16f166808c72e9c772027681"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a01a4e9f5dc93335c716fa4023b1901956e8c904"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3cb5ae77799e8ed6ec3fec0b6b4cd07f01650cc5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/158b515f703e75e7d68289bf4d98c664e1d632df"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/tun.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "8eb43d635950e27c29f1e9e49a23b31637f37757",
              "status": "affected",
              "version": "662ca437e714caaab855b12415d6ffd815985bc0",
              "versionType": "git"
            },
            {
              "lessThan": "0c0e566f0387490d16f166808c72e9c772027681",
              "status": "affected",
              "version": "662ca437e714caaab855b12415d6ffd815985bc0",
              "versionType": "git"
            },
            {
              "lessThan": "a01a4e9f5dc93335c716fa4023b1901956e8c904",
              "status": "affected",
              "version": "662ca437e714caaab855b12415d6ffd815985bc0",
              "versionType": "git"
            },
            {
              "lessThan": "3cb5ae77799e8ed6ec3fec0b6b4cd07f01650cc5",
              "status": "affected",
              "version": "662ca437e714caaab855b12415d6ffd815985bc0",
              "versionType": "git"
            },
            {
              "lessThan": "158b515f703e75e7d68289bf4d98c664e1d632df",
              "status": "affected",
              "version": "662ca437e714caaab855b12415d6ffd815985bc0",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "a81a02460bdf054ca0c60c5aed29941f7134092d",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "6fc265f7a86d81e052508d03da555188f5882c3e",
              "versionType": "git"
            },
            {
              "lessThan": "3.11",
              "status": "affected",
              "version": "3.10.16",
              "versionType": "semver"
            },
            {
              "lessThan": "3.12",
              "status": "affected",
              "version": "3.11.5",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/tun.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.12"
            },
            {
              "lessThan": "3.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.280",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.240",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.136",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.280",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.240",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.136",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.12",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.16",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.10.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.11.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntun: avoid double free in tun_free_netdev\n\nAvoid double free in tun_free_netdev() by moving the\ndev-\u003etstats and tun-\u003esecurity allocs to a new ndo_init routine\n(tun_net_init()) that will be called by register_netdevice().\nndo_init is paired with the desctructor (tun_free_netdev()),\nso if there\u0027s an error in register_netdevice() the destructor\nwill handle the frees.\n\nBUG: KASAN: double-free or invalid-free in selinux_tun_dev_free_security+0x1a/0x20 security/selinux/hooks.c:5605\n\nCPU: 0 PID: 25750 Comm: syz-executor416 Not tainted 5.16.0-rc2-syzk #1\nHardware name: Red Hat KVM, BIOS\nCall Trace:\n\u003cTASK\u003e\n__dump_stack lib/dump_stack.c:88 [inline]\ndump_stack_lvl+0x89/0xb5 lib/dump_stack.c:106\nprint_address_description.constprop.9+0x28/0x160 mm/kasan/report.c:247\nkasan_report_invalid_free+0x55/0x80 mm/kasan/report.c:372\n____kasan_slab_free mm/kasan/common.c:346 [inline]\n__kasan_slab_free+0x107/0x120 mm/kasan/common.c:374\nkasan_slab_free include/linux/kasan.h:235 [inline]\nslab_free_hook mm/slub.c:1723 [inline]\nslab_free_freelist_hook mm/slub.c:1749 [inline]\nslab_free mm/slub.c:3513 [inline]\nkfree+0xac/0x2d0 mm/slub.c:4561\nselinux_tun_dev_free_security+0x1a/0x20 security/selinux/hooks.c:5605\nsecurity_tun_dev_free_security+0x4f/0x90 security/security.c:2342\ntun_free_netdev+0xe6/0x150 drivers/net/tun.c:2215\nnetdev_run_todo+0x4df/0x840 net/core/dev.c:10627\nrtnl_unlock+0x13/0x20 net/core/rtnetlink.c:112\n__tun_chr_ioctl+0x80c/0x2870 drivers/net/tun.c:3302\ntun_chr_ioctl+0x2f/0x40 drivers/net/tun.c:3311\nvfs_ioctl fs/ioctl.c:51 [inline]\n__do_sys_ioctl fs/ioctl.c:874 [inline]\n__se_sys_ioctl fs/ioctl.c:860 [inline]\n__x64_sys_ioctl+0x19d/0x220 fs/ioctl.c:860\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x3a/0x80 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x44/0xae"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-23T15:19:15.528Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/8eb43d635950e27c29f1e9e49a23b31637f37757"
        },
        {
          "url": "https://git.kernel.org/stable/c/0c0e566f0387490d16f166808c72e9c772027681"
        },
        {
          "url": "https://git.kernel.org/stable/c/a01a4e9f5dc93335c716fa4023b1901956e8c904"
        },
        {
          "url": "https://git.kernel.org/stable/c/3cb5ae77799e8ed6ec3fec0b6b4cd07f01650cc5"
        },
        {
          "url": "https://git.kernel.org/stable/c/158b515f703e75e7d68289bf4d98c664e1d632df"
        }
      ],
      "title": "tun: avoid double free in tun_free_netdev",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-47082",
    "datePublished": "2024-03-04T18:06:17.081Z",
    "dateReserved": "2024-02-29T22:33:44.298Z",
    "dateUpdated": "2026-05-23T15:19:15.528Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CERTFR-2024-AVI-0329

Solution

CVE-2021-46925 (GCVE-0-2021-46925)

CVE-2021-46926 (GCVE-0-2021-46926)

CVE-2021-46927 (GCVE-0-2021-46927)

CVE-2021-46929 (GCVE-0-2021-46929)

CVE-2021-46930 (GCVE-0-2021-46930)

CVE-2021-46931 (GCVE-0-2021-46931)

CVE-2021-46933 (GCVE-0-2021-46933)

CVE-2021-46934 (GCVE-0-2021-46934)

CVE-2021-46936 (GCVE-0-2021-46936)

CVE-2021-47082 (GCVE-0-2021-47082)

Tags

Sightings

Nomenclature