CVE-2021-46916 (GCVE-0-2021-46916)

Vulnerability from cvelistv5 – Published: 2024-02-27 06:53 – Updated: 2025-05-04 07:00
VLAI?
Summary
In the Linux kernel, the following vulnerability has been resolved: ixgbe: Fix NULL pointer dereference in ethtool loopback test The ixgbe driver currently generates a NULL pointer dereference when performing the ethtool loopback test. This is due to the fact that there isn't a q_vector associated with the test ring when it is setup as interrupts are not normally added to the test rings. To address this I have added code that will check for a q_vector before returning a napi_id value. If a q_vector is not present it will return a value of 0.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: b02e5a0ebb172c8276cea3151942aac681f7a4a6 , < 758d19098df4b0bbca9f40d6ae6c82c9c18b9bba (git)
Affected: b02e5a0ebb172c8276cea3151942aac681f7a4a6 , < 31166efb1cee348eb6314e9c0095d84cbeb66b9d (git)
Create a notification for this product.
    Linux Linux Affected: 5.11
Unaffected: 0 , < 5.11 (semver)
Unaffected: 5.11.16 , ≤ 5.11.* (semver)
Unaffected: 5.12 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:17:42.887Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/758d19098df4b0bbca9f40d6ae6c82c9c18b9bba"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/31166efb1cee348eb6314e9c0095d84cbeb66b9d"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-46916",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:02:07.223543Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:31.253Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/intel/ixgbe/ixgbe_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "758d19098df4b0bbca9f40d6ae6c82c9c18b9bba",
              "status": "affected",
              "version": "b02e5a0ebb172c8276cea3151942aac681f7a4a6",
              "versionType": "git"
            },
            {
              "lessThan": "31166efb1cee348eb6314e9c0095d84cbeb66b9d",
              "status": "affected",
              "version": "b02e5a0ebb172c8276cea3151942aac681f7a4a6",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/intel/ixgbe/ixgbe_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.11"
            },
            {
              "lessThan": "5.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.11.*",
              "status": "unaffected",
              "version": "5.11.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.11.16",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.12",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nixgbe: Fix NULL pointer dereference in ethtool loopback test\n\nThe ixgbe driver currently generates a NULL pointer dereference when\nperforming the ethtool loopback test. This is due to the fact that there\nisn\u0027t a q_vector associated with the test ring when it is setup as\ninterrupts are not normally added to the test rings.\n\nTo address this I have added code that will check for a q_vector before\nreturning a napi_id value. If a q_vector is not present it will return a\nvalue of 0."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:00:17.679Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/758d19098df4b0bbca9f40d6ae6c82c9c18b9bba"
        },
        {
          "url": "https://git.kernel.org/stable/c/31166efb1cee348eb6314e9c0095d84cbeb66b9d"
        }
      ],
      "title": "ixgbe: Fix NULL pointer dereference in ethtool loopback test",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-46916",
    "datePublished": "2024-02-27T06:53:54.775Z",
    "dateReserved": "2024-02-25T13:45:52.719Z",
    "dateUpdated": "2025-05-04T07:00:17.679Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.11.0\", \"versionEndExcluding\": \"5.11.16\", \"matchCriteriaId\": \"3C5242B9-B5BD-4578-AD66-69DF59D54A14\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nixgbe: Fix NULL pointer dereference in ethtool loopback test\\n\\nThe ixgbe driver currently generates a NULL pointer dereference when\\nperforming the ethtool loopback test. This is due to the fact that there\\nisn\u0027t a q_vector associated with the test ring when it is setup as\\ninterrupts are not normally added to the test rings.\\n\\nTo address this I have added code that will check for a q_vector before\\nreturning a napi_id value. If a q_vector is not present it will return a\\nvalue of 0.\"}, {\"lang\": \"es\", \"value\": \"En el kernel de Linux, se resolvi\\u00f3 la siguiente vulnerabilidad: ixgbe: corrige la desreferencia de puntero NULL en la prueba de bucle invertido de ethtool. El controlador ixgbe actualmente genera una desreferencia de puntero NULL cuando se realiza la prueba de bucle invertido de ethtool. Esto se debe al hecho de que no hay un q_vector asociado con el anillo de prueba cuando se configura, ya que normalmente no se agregan interrupciones a los anillos de prueba. Para solucionar esto, agregu\\u00e9 un c\\u00f3digo que verificar\\u00e1 si hay un q_vector antes de devolver un valor de napi_id. Si un q_vector no est\\u00e1 presente, devolver\\u00e1 un valor de 0.\"}]",
      "id": "CVE-2021-46916",
      "lastModified": "2024-11-21T06:34:55.573",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}]}",
      "published": "2024-02-27T07:15:08.250",
      "references": "[{\"url\": \"https://git.kernel.org/stable/c/31166efb1cee348eb6314e9c0095d84cbeb66b9d\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/758d19098df4b0bbca9f40d6ae6c82c9c18b9bba\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/31166efb1cee348eb6314e9c0095d84cbeb66b9d\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/758d19098df4b0bbca9f40d6ae6c82c9c18b9bba\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}]",
      "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-476\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-46916\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-02-27T07:15:08.250\",\"lastModified\":\"2024-11-21T06:34:55.573\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nixgbe: Fix NULL pointer dereference in ethtool loopback test\\n\\nThe ixgbe driver currently generates a NULL pointer dereference when\\nperforming the ethtool loopback test. This is due to the fact that there\\nisn\u0027t a q_vector associated with the test ring when it is setup as\\ninterrupts are not normally added to the test rings.\\n\\nTo address this I have added code that will check for a q_vector before\\nreturning a napi_id value. If a q_vector is not present it will return a\\nvalue of 0.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ixgbe: corrige la desreferencia de puntero NULL en la prueba de bucle invertido de ethtool. El controlador ixgbe actualmente genera una desreferencia de puntero NULL cuando se realiza la prueba de bucle invertido de ethtool. Esto se debe al hecho de que no hay un q_vector asociado con el anillo de prueba cuando se configura, ya que normalmente no se agregan interrupciones a los anillos de prueba. Para solucionar esto, agregu\u00e9 un c\u00f3digo que verificar\u00e1 si hay un q_vector antes de devolver un valor de napi_id. Si un q_vector no est\u00e1 presente, devolver\u00e1 un valor de 0.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11.0\",\"versionEndExcluding\":\"5.11.16\",\"matchCriteriaId\":\"3C5242B9-B5BD-4578-AD66-69DF59D54A14\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/31166efb1cee348eb6314e9c0095d84cbeb66b9d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/758d19098df4b0bbca9f40d6ae6c82c9c18b9bba\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/31166efb1cee348eb6314e9c0095d84cbeb66b9d\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/758d19098df4b0bbca9f40d6ae6c82c9c18b9bba\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://git.kernel.org/stable/c/758d19098df4b0bbca9f40d6ae6c82c9c18b9bba\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/31166efb1cee348eb6314e9c0095d84cbeb66b9d\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T05:17:42.887Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-46916\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-10T16:02:07.223543Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-11T12:42:17.123Z\"}}], \"cna\": {\"title\": \"ixgbe: Fix NULL pointer dereference in ethtool loopback test\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"b02e5a0ebb172c8276cea3151942aac681f7a4a6\", \"lessThan\": \"758d19098df4b0bbca9f40d6ae6c82c9c18b9bba\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"b02e5a0ebb172c8276cea3151942aac681f7a4a6\", \"lessThan\": \"31166efb1cee348eb6314e9c0095d84cbeb66b9d\", \"versionType\": \"git\"}], \"programFiles\": [\"drivers/net/ethernet/intel/ixgbe/ixgbe_main.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.11\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"5.11\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"5.11.16\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.11.*\"}, {\"status\": \"unaffected\", \"version\": \"5.12\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"drivers/net/ethernet/intel/ixgbe/ixgbe_main.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/758d19098df4b0bbca9f40d6ae6c82c9c18b9bba\"}, {\"url\": \"https://git.kernel.org/stable/c/31166efb1cee348eb6314e9c0095d84cbeb66b9d\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nixgbe: Fix NULL pointer dereference in ethtool loopback test\\n\\nThe ixgbe driver currently generates a NULL pointer dereference when\\nperforming the ethtool loopback test. This is due to the fact that there\\nisn\u0027t a q_vector associated with the test ring when it is setup as\\ninterrupts are not normally added to the test rings.\\n\\nTo address this I have added code that will check for a q_vector before\\nreturning a napi_id value. If a q_vector is not present it will return a\\nvalue of 0.\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.11.16\", \"versionStartIncluding\": \"5.11\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.12\", \"versionStartIncluding\": \"5.11\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2025-05-04T07:00:17.679Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2021-46916\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-04T07:00:17.679Z\", \"dateReserved\": \"2024-02-25T13:45:52.719Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-02-27T06:53:54.775Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.