CVE-2021-46964 (GCVE-0-2021-46964)

Vulnerability from cvelistv5 – Published: 2024-02-27 18:47 – Updated: 2026-05-11 13:45
VLAI
Title
scsi: qla2xxx: Reserve extra IRQ vectors
Summary
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Reserve extra IRQ vectors Commit a6dcfe08487e ("scsi: qla2xxx: Limit interrupt vectors to number of CPUs") lowers the number of allocated MSI-X vectors to the number of CPUs. That breaks vector allocation assumptions in qla83xx_iospace_config(), qla24xx_enable_msix() and qla2x00_iospace_config(). Either of the functions computes maximum number of qpairs as: ha->max_qpairs = ha->msix_count - 1 (MB interrupt) - 1 (default response queue) - 1 (ATIO, in dual or pure target mode) max_qpairs is set to zero in case of two CPUs and initiator mode. The number is then used to allocate ha->queue_pair_map inside qla2x00_alloc_queues(). No allocation happens and ha->queue_pair_map is left NULL but the driver thinks there are queue pairs available. qla2xxx_queuecommand() tries to find a qpair in the map and crashes: if (ha->mqenable) { uint32_t tag; uint16_t hwq; struct qla_qpair *qpair = NULL; tag = blk_mq_unique_tag(cmd->request); hwq = blk_mq_unique_tag_to_hwq(tag); qpair = ha->queue_pair_map[hwq]; # <- HERE if (qpair) return qla2xxx_mqueuecommand(host, cmd, qpair); } BUG: kernel NULL pointer dereference, address: 0000000000000000 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] SMP PTI CPU: 0 PID: 72 Comm: kworker/u4:3 Tainted: G W 5.10.0-rc1+ #25 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.0.0-prebuilt.qemu-project.org 04/01/2014 Workqueue: scsi_wq_7 fc_scsi_scan_rport [scsi_transport_fc] RIP: 0010:qla2xxx_queuecommand+0x16b/0x3f0 [qla2xxx] Call Trace: scsi_queue_rq+0x58c/0xa60 blk_mq_dispatch_rq_list+0x2b7/0x6f0 ? __sbitmap_get_word+0x2a/0x80 __blk_mq_sched_dispatch_requests+0xb8/0x170 blk_mq_sched_dispatch_requests+0x2b/0x50 __blk_mq_run_hw_queue+0x49/0xb0 __blk_mq_delay_run_hw_queue+0xfb/0x150 blk_mq_sched_insert_request+0xbe/0x110 blk_execute_rq+0x45/0x70 __scsi_execute+0x10e/0x250 scsi_probe_and_add_lun+0x228/0xda0 __scsi_scan_target+0xf4/0x620 ? __pm_runtime_resume+0x4f/0x70 scsi_scan_target+0x100/0x110 fc_scsi_scan_rport+0xa1/0xb0 [scsi_transport_fc] process_one_work+0x1ea/0x3b0 worker_thread+0x28/0x3b0 ? process_one_work+0x3b0/0x3b0 kthread+0x112/0x130 ? kthread_park+0x80/0x80 ret_from_fork+0x22/0x30 The driver should allocate enough vectors to provide every CPU it's own HW queue and still handle reserved (MB, RSP, ATIO) interrupts. The change fixes the crash on dual core VM and prevents unbalanced QP allocation where nr_hw_queues is two less than the number of CPUs.
Severity
No CVSS data available.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: a6dcfe08487e5e83b6b4214c959a9577a9ed2d9f , < 4ecd42dec858b6632c5f024fe13e9ad6c30f2734 (git)
Affected: a6dcfe08487e5e83b6b4214c959a9577a9ed2d9f , < 0f86d66b38501e3ac66cf2d9f9f8ad6838bad0e6 (git)
Affected: a6dcfe08487e5e83b6b4214c959a9577a9ed2d9f , < f02d4086a8f36a0e1aaebf559b54cf24a177a486 (git)
Create a notification for this product.
Linux Linux Affected: 5.11
Unaffected: 0 , < 5.11 (semver)
Unaffected: 5.11.20 , ≤ 5.11.* (semver)
Unaffected: 5.12.3 , ≤ 5.12.* (semver)
Unaffected: 5.13 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:17:43.024Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4ecd42dec858b6632c5f024fe13e9ad6c30f2734"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0f86d66b38501e3ac66cf2d9f9f8ad6838bad0e6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f02d4086a8f36a0e1aaebf559b54cf24a177a486"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-46964",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:01:34.918435Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:46.679Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/scsi/qla2xxx/qla_isr.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4ecd42dec858b6632c5f024fe13e9ad6c30f2734",
              "status": "affected",
              "version": "a6dcfe08487e5e83b6b4214c959a9577a9ed2d9f",
              "versionType": "git"
            },
            {
              "lessThan": "0f86d66b38501e3ac66cf2d9f9f8ad6838bad0e6",
              "status": "affected",
              "version": "a6dcfe08487e5e83b6b4214c959a9577a9ed2d9f",
              "versionType": "git"
            },
            {
              "lessThan": "f02d4086a8f36a0e1aaebf559b54cf24a177a486",
              "status": "affected",
              "version": "a6dcfe08487e5e83b6b4214c959a9577a9ed2d9f",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/scsi/qla2xxx/qla_isr.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.11"
            },
            {
              "lessThan": "5.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.11.*",
              "status": "unaffected",
              "version": "5.11.20",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.12.*",
              "status": "unaffected",
              "version": "5.12.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.11.20",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.12.3",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.13",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Reserve extra IRQ vectors\n\nCommit a6dcfe08487e (\"scsi: qla2xxx: Limit interrupt vectors to number of\nCPUs\") lowers the number of allocated MSI-X vectors to the number of CPUs.\n\nThat breaks vector allocation assumptions in qla83xx_iospace_config(),\nqla24xx_enable_msix() and qla2x00_iospace_config(). Either of the functions\ncomputes maximum number of qpairs as:\n\n  ha-\u003emax_qpairs = ha-\u003emsix_count - 1 (MB interrupt) - 1 (default\n                   response queue) - 1 (ATIO, in dual or pure target mode)\n\nmax_qpairs is set to zero in case of two CPUs and initiator mode. The\nnumber is then used to allocate ha-\u003equeue_pair_map inside\nqla2x00_alloc_queues(). No allocation happens and ha-\u003equeue_pair_map is\nleft NULL but the driver thinks there are queue pairs available.\n\nqla2xxx_queuecommand() tries to find a qpair in the map and crashes:\n\n  if (ha-\u003emqenable) {\n          uint32_t tag;\n          uint16_t hwq;\n          struct qla_qpair *qpair = NULL;\n\n          tag = blk_mq_unique_tag(cmd-\u003erequest);\n          hwq = blk_mq_unique_tag_to_hwq(tag);\n          qpair = ha-\u003equeue_pair_map[hwq]; # \u003c- HERE\n\n          if (qpair)\n                  return qla2xxx_mqueuecommand(host, cmd, qpair);\n  }\n\n  BUG: kernel NULL pointer dereference, address: 0000000000000000\n  #PF: supervisor read access in kernel mode\n  #PF: error_code(0x0000) - not-present page\n  PGD 0 P4D 0\n  Oops: 0000 [#1] SMP PTI\n  CPU: 0 PID: 72 Comm: kworker/u4:3 Tainted: G        W         5.10.0-rc1+ #25\n  Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.0.0-prebuilt.qemu-project.org 04/01/2014\n  Workqueue: scsi_wq_7 fc_scsi_scan_rport [scsi_transport_fc]\n  RIP: 0010:qla2xxx_queuecommand+0x16b/0x3f0 [qla2xxx]\n  Call Trace:\n   scsi_queue_rq+0x58c/0xa60\n   blk_mq_dispatch_rq_list+0x2b7/0x6f0\n   ? __sbitmap_get_word+0x2a/0x80\n   __blk_mq_sched_dispatch_requests+0xb8/0x170\n   blk_mq_sched_dispatch_requests+0x2b/0x50\n   __blk_mq_run_hw_queue+0x49/0xb0\n   __blk_mq_delay_run_hw_queue+0xfb/0x150\n   blk_mq_sched_insert_request+0xbe/0x110\n   blk_execute_rq+0x45/0x70\n   __scsi_execute+0x10e/0x250\n   scsi_probe_and_add_lun+0x228/0xda0\n   __scsi_scan_target+0xf4/0x620\n   ? __pm_runtime_resume+0x4f/0x70\n   scsi_scan_target+0x100/0x110\n   fc_scsi_scan_rport+0xa1/0xb0 [scsi_transport_fc]\n   process_one_work+0x1ea/0x3b0\n   worker_thread+0x28/0x3b0\n   ? process_one_work+0x3b0/0x3b0\n   kthread+0x112/0x130\n   ? kthread_park+0x80/0x80\n   ret_from_fork+0x22/0x30\n\nThe driver should allocate enough vectors to provide every CPU it\u0027s own HW\nqueue and still handle reserved (MB, RSP, ATIO) interrupts.\n\nThe change fixes the crash on dual core VM and prevents unbalanced QP\nallocation where nr_hw_queues is two less than the number of CPUs."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T13:45:20.138Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/4ecd42dec858b6632c5f024fe13e9ad6c30f2734"
        },
        {
          "url": "https://git.kernel.org/stable/c/0f86d66b38501e3ac66cf2d9f9f8ad6838bad0e6"
        },
        {
          "url": "https://git.kernel.org/stable/c/f02d4086a8f36a0e1aaebf559b54cf24a177a486"
        }
      ],
      "title": "scsi: qla2xxx: Reserve extra IRQ vectors",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-46964",
    "datePublished": "2024-02-27T18:47:02.404Z",
    "dateReserved": "2024-02-27T18:42:55.942Z",
    "dateUpdated": "2026-05-11T13:45:20.138Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2021-46964",
      "date": "2026-06-28",
      "epss": "0.00225",
      "percentile": "0.13061"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.11\", \"versionEndExcluding\": \"5.11.20\", \"matchCriteriaId\": \"EEC03413-9760-46D4-AC1D-EB084A1D4111\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.12\", \"versionEndExcluding\": \"5.12.3\", \"matchCriteriaId\": \"F9D6B2DE-7E4A-4B3B-9AEE-3A2C5F23DA32\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nscsi: qla2xxx: Reserve extra IRQ vectors\\n\\nCommit a6dcfe08487e (\\\"scsi: qla2xxx: Limit interrupt vectors to number of\\nCPUs\\\") lowers the number of allocated MSI-X vectors to the number of CPUs.\\n\\nThat breaks vector allocation assumptions in qla83xx_iospace_config(),\\nqla24xx_enable_msix() and qla2x00_iospace_config(). Either of the functions\\ncomputes maximum number of qpairs as:\\n\\n  ha-\u003emax_qpairs = ha-\u003emsix_count - 1 (MB interrupt) - 1 (default\\n                   response queue) - 1 (ATIO, in dual or pure target mode)\\n\\nmax_qpairs is set to zero in case of two CPUs and initiator mode. The\\nnumber is then used to allocate ha-\u003equeue_pair_map inside\\nqla2x00_alloc_queues(). No allocation happens and ha-\u003equeue_pair_map is\\nleft NULL but the driver thinks there are queue pairs available.\\n\\nqla2xxx_queuecommand() tries to find a qpair in the map and crashes:\\n\\n  if (ha-\u003emqenable) {\\n          uint32_t tag;\\n          uint16_t hwq;\\n          struct qla_qpair *qpair = NULL;\\n\\n          tag = blk_mq_unique_tag(cmd-\u003erequest);\\n          hwq = blk_mq_unique_tag_to_hwq(tag);\\n          qpair = ha-\u003equeue_pair_map[hwq]; # \u003c- HERE\\n\\n          if (qpair)\\n                  return qla2xxx_mqueuecommand(host, cmd, qpair);\\n  }\\n\\n  BUG: kernel NULL pointer dereference, address: 0000000000000000\\n  #PF: supervisor read access in kernel mode\\n  #PF: error_code(0x0000) - not-present page\\n  PGD 0 P4D 0\\n  Oops: 0000 [#1] SMP PTI\\n  CPU: 0 PID: 72 Comm: kworker/u4:3 Tainted: G        W         5.10.0-rc1+ #25\\n  Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.0.0-prebuilt.qemu-project.org 04/01/2014\\n  Workqueue: scsi_wq_7 fc_scsi_scan_rport [scsi_transport_fc]\\n  RIP: 0010:qla2xxx_queuecommand+0x16b/0x3f0 [qla2xxx]\\n  Call Trace:\\n   scsi_queue_rq+0x58c/0xa60\\n   blk_mq_dispatch_rq_list+0x2b7/0x6f0\\n   ? __sbitmap_get_word+0x2a/0x80\\n   __blk_mq_sched_dispatch_requests+0xb8/0x170\\n   blk_mq_sched_dispatch_requests+0x2b/0x50\\n   __blk_mq_run_hw_queue+0x49/0xb0\\n   __blk_mq_delay_run_hw_queue+0xfb/0x150\\n   blk_mq_sched_insert_request+0xbe/0x110\\n   blk_execute_rq+0x45/0x70\\n   __scsi_execute+0x10e/0x250\\n   scsi_probe_and_add_lun+0x228/0xda0\\n   __scsi_scan_target+0xf4/0x620\\n   ? __pm_runtime_resume+0x4f/0x70\\n   scsi_scan_target+0x100/0x110\\n   fc_scsi_scan_rport+0xa1/0xb0 [scsi_transport_fc]\\n   process_one_work+0x1ea/0x3b0\\n   worker_thread+0x28/0x3b0\\n   ? process_one_work+0x3b0/0x3b0\\n   kthread+0x112/0x130\\n   ? kthread_park+0x80/0x80\\n   ret_from_fork+0x22/0x30\\n\\nThe driver should allocate enough vectors to provide every CPU it\u0027s own HW\\nqueue and still handle reserved (MB, RSP, ATIO) interrupts.\\n\\nThe change fixes the crash on dual core VM and prevents unbalanced QP\\nallocation where nr_hw_queues is two less than the number of CPUs.\"}, {\"lang\": \"es\", \"value\": \"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: qla2xxx: reservar vectores IRQ adicionales el commit a6dcfe08487e (\\\"scsi: qla2xxx: limitar los vectores de interrupci\\u00f3n al n\\u00famero de CPU\\\") reduce el n\\u00famero de vectores MSI-X asignados al n\\u00famero de CPU. Eso rompe los supuestos de asignaci\\u00f3n de vectores en qla83xx_iospace_config(), qla24xx_enable_msix() y qla2x00_iospace_config(). Cualquiera de las funciones calcula el n\\u00famero m\\u00e1ximo de qpairs como: ha-\u0026gt;max_qpairs = ha-\u0026gt;msix_count - 1 (interrupci\\u00f3n de MB) - 1 (cola de respuesta predeterminada) - 1 (ATIO, en modo de destino dual o puro) max_qpairs se establece en cero en caso de dos CPU y modo iniciador. Luego, el n\\u00famero se usa para asignar ha-\u0026gt;queue_pair_map dentro de qla2x00_alloc_queues(). No se produce ninguna asignaci\\u00f3n y ha-\u0026gt;queue_pair_map se deja NULL pero el controlador cree que hay pares de colas disponibles. qla2xxx_queuecommand() intenta encontrar un qpair en el mapa y falla: if (ha-\u0026gt;mqenable) { uint32_t tag; uint16_t hwq; estructura qla_qpair *qpair = NULL; etiqueta = blk_mq_unique_tag(cmd-\u0026gt;solicitud); hwq = blk_mq_unique_tag_to_hwq(etiqueta); qpair = ha-\u0026gt;queue_pair_map[hwq]; # \u0026lt;- AQU\\u00cd si (qpair) return qla2xxx_mqueuecommand(host, cmd, qpair); } ERROR: desreferencia del puntero NULL del kernel, direcci\\u00f3n: 0000000000000000 #PF: acceso de lectura del supervisor en modo kernel #PF: c\\u00f3digo_error(0x0000) - p\\u00e1gina no presente PGD 0 P4D 0 Vaya: 0000 [#1] CPU SMP PTI: 0 PID: 72 Comunicaciones: kworker/u4:3 Contaminado: GW 5.10.0-rc1+ #25 Nombre del hardware: PC est\\u00e1ndar QEMU (Q35 + ICH9, 2009), BIOS 1.0.0-prebuilt.qemu-project.org 01/04/2014 Cola de trabajo : scsi_wq_7 fc_scsi_scan_rport [scsi_transport_fc] RIP: 0010:qla2xxx_queuecommand+0x16b/0x3f0 [qla2xxx] Seguimiento de llamadas: scsi_queue_rq+0x58c/0xa60 blk_mq_dispatch_rq_list+0x2b7/0x6f0? __sbitmap_get_word+0x2a/0x80 __blk_mq_sched_dispatch_requests+0xb8/0x170 blk_mq_sched_dispatch_requests+0x2b/0x50 __blk_mq_run_hw_queue+0x49/0xb0 __blk_mq_delay_run_hw_queue+0xfb/0 x150 blk_mq_sched_insert_request+0xbe/0x110 blk_execute_rq+0x45/0x70 __scsi_execute+0x10e/0x250 scsi_probe_and_add_lun+0x228/0xda0 __scsi_scan_target+0xf4/0x620 ? __pm_runtime_resume+0x4f/0x70 scsi_scan_target+0x100/0x110 fc_scsi_scan_rport+0xa1/0xb0 [scsi_transport_fc] Process_one_work+0x1ea/0x3b0 trabajador_thread+0x28/0x3b0 ? proceso_one_work+0x3b0/0x3b0 kthread+0x112/0x130 ? kthread_park+0x80/0x80 ret_from_fork+0x22/0x30 El controlador debe asignar suficientes vectores para proporcionar a cada CPU su propia cola de hardware y a\\u00fan manejar interrupciones reservadas (MB, RSP, ATIO). El cambio corrige el fallo en la m\\u00e1quina virtual de doble n\\u00facleo y evita la asignaci\\u00f3n de QP desequilibrada donde nr_hw_queues es dos menos que la cantidad de CPU.\"}]",
      "id": "CVE-2021-46964",
      "lastModified": "2025-01-08T16:23:53.553",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}]}",
      "published": "2024-02-27T19:04:07.043",
      "references": "[{\"url\": \"https://git.kernel.org/stable/c/0f86d66b38501e3ac66cf2d9f9f8ad6838bad0e6\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/4ecd42dec858b6632c5f024fe13e9ad6c30f2734\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/f02d4086a8f36a0e1aaebf559b54cf24a177a486\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/0f86d66b38501e3ac66cf2d9f9f8ad6838bad0e6\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/4ecd42dec858b6632c5f024fe13e9ad6c30f2734\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/f02d4086a8f36a0e1aaebf559b54cf24a177a486\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}]",
      "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "vulnStatus": "Analyzed",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-476\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-46964\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-02-27T19:04:07.043\",\"lastModified\":\"2026-06-17T04:16:00.477\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nscsi: qla2xxx: Reserve extra IRQ vectors\\n\\nCommit a6dcfe08487e (\\\"scsi: qla2xxx: Limit interrupt vectors to number of\\nCPUs\\\") lowers the number of allocated MSI-X vectors to the number of CPUs.\\n\\nThat breaks vector allocation assumptions in qla83xx_iospace_config(),\\nqla24xx_enable_msix() and qla2x00_iospace_config(). Either of the functions\\ncomputes maximum number of qpairs as:\\n\\n  ha-\u003emax_qpairs = ha-\u003emsix_count - 1 (MB interrupt) - 1 (default\\n                   response queue) - 1 (ATIO, in dual or pure target mode)\\n\\nmax_qpairs is set to zero in case of two CPUs and initiator mode. The\\nnumber is then used to allocate ha-\u003equeue_pair_map inside\\nqla2x00_alloc_queues(). No allocation happens and ha-\u003equeue_pair_map is\\nleft NULL but the driver thinks there are queue pairs available.\\n\\nqla2xxx_queuecommand() tries to find a qpair in the map and crashes:\\n\\n  if (ha-\u003emqenable) {\\n          uint32_t tag;\\n          uint16_t hwq;\\n          struct qla_qpair *qpair = NULL;\\n\\n          tag = blk_mq_unique_tag(cmd-\u003erequest);\\n          hwq = blk_mq_unique_tag_to_hwq(tag);\\n          qpair = ha-\u003equeue_pair_map[hwq]; # \u003c- HERE\\n\\n          if (qpair)\\n                  return qla2xxx_mqueuecommand(host, cmd, qpair);\\n  }\\n\\n  BUG: kernel NULL pointer dereference, address: 0000000000000000\\n  #PF: supervisor read access in kernel mode\\n  #PF: error_code(0x0000) - not-present page\\n  PGD 0 P4D 0\\n  Oops: 0000 [#1] SMP PTI\\n  CPU: 0 PID: 72 Comm: kworker/u4:3 Tainted: G        W         5.10.0-rc1+ #25\\n  Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.0.0-prebuilt.qemu-project.org 04/01/2014\\n  Workqueue: scsi_wq_7 fc_scsi_scan_rport [scsi_transport_fc]\\n  RIP: 0010:qla2xxx_queuecommand+0x16b/0x3f0 [qla2xxx]\\n  Call Trace:\\n   scsi_queue_rq+0x58c/0xa60\\n   blk_mq_dispatch_rq_list+0x2b7/0x6f0\\n   ? __sbitmap_get_word+0x2a/0x80\\n   __blk_mq_sched_dispatch_requests+0xb8/0x170\\n   blk_mq_sched_dispatch_requests+0x2b/0x50\\n   __blk_mq_run_hw_queue+0x49/0xb0\\n   __blk_mq_delay_run_hw_queue+0xfb/0x150\\n   blk_mq_sched_insert_request+0xbe/0x110\\n   blk_execute_rq+0x45/0x70\\n   __scsi_execute+0x10e/0x250\\n   scsi_probe_and_add_lun+0x228/0xda0\\n   __scsi_scan_target+0xf4/0x620\\n   ? __pm_runtime_resume+0x4f/0x70\\n   scsi_scan_target+0x100/0x110\\n   fc_scsi_scan_rport+0xa1/0xb0 [scsi_transport_fc]\\n   process_one_work+0x1ea/0x3b0\\n   worker_thread+0x28/0x3b0\\n   ? process_one_work+0x3b0/0x3b0\\n   kthread+0x112/0x130\\n   ? kthread_park+0x80/0x80\\n   ret_from_fork+0x22/0x30\\n\\nThe driver should allocate enough vectors to provide every CPU it\u0027s own HW\\nqueue and still handle reserved (MB, RSP, ATIO) interrupts.\\n\\nThe change fixes the crash on dual core VM and prevents unbalanced QP\\nallocation where nr_hw_queues is two less than the number of CPUs.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: qla2xxx: reservar vectores IRQ adicionales el commit a6dcfe08487e (\\\"scsi: qla2xxx: limitar los vectores de interrupci\u00f3n al n\u00famero de CPU\\\") reduce el n\u00famero de vectores MSI-X asignados al n\u00famero de CPU. Eso rompe los supuestos de asignaci\u00f3n de vectores en qla83xx_iospace_config(), qla24xx_enable_msix() y qla2x00_iospace_config(). Cualquiera de las funciones calcula el n\u00famero m\u00e1ximo de qpairs como: ha-\u0026gt;max_qpairs = ha-\u0026gt;msix_count - 1 (interrupci\u00f3n de MB) - 1 (cola de respuesta predeterminada) - 1 (ATIO, en modo de destino dual o puro) max_qpairs se establece en cero en caso de dos CPU y modo iniciador. Luego, el n\u00famero se usa para asignar ha-\u0026gt;queue_pair_map dentro de qla2x00_alloc_queues(). No se produce ninguna asignaci\u00f3n y ha-\u0026gt;queue_pair_map se deja NULL pero el controlador cree que hay pares de colas disponibles. qla2xxx_queuecommand() intenta encontrar un qpair en el mapa y falla: if (ha-\u0026gt;mqenable) { uint32_t tag; uint16_t hwq; estructura qla_qpair *qpair = NULL; etiqueta = blk_mq_unique_tag(cmd-\u0026gt;solicitud); hwq = blk_mq_unique_tag_to_hwq(etiqueta); qpair = ha-\u0026gt;queue_pair_map[hwq]; # \u0026lt;- AQU\u00cd si (qpair) return qla2xxx_mqueuecommand(host, cmd, qpair); } ERROR: desreferencia del puntero NULL del kernel, direcci\u00f3n: 0000000000000000 #PF: acceso de lectura del supervisor en modo kernel #PF: c\u00f3digo_error(0x0000) - p\u00e1gina no presente PGD 0 P4D 0 Vaya: 0000 [#1] CPU SMP PTI: 0 PID: 72 Comunicaciones: kworker/u4:3 Contaminado: GW 5.10.0-rc1+ #25 Nombre del hardware: PC est\u00e1ndar QEMU (Q35 + ICH9, 2009), BIOS 1.0.0-prebuilt.qemu-project.org 01/04/2014 Cola de trabajo : scsi_wq_7 fc_scsi_scan_rport [scsi_transport_fc] RIP: 0010:qla2xxx_queuecommand+0x16b/0x3f0 [qla2xxx] Seguimiento de llamadas: scsi_queue_rq+0x58c/0xa60 blk_mq_dispatch_rq_list+0x2b7/0x6f0? __sbitmap_get_word+0x2a/0x80 __blk_mq_sched_dispatch_requests+0xb8/0x170 blk_mq_sched_dispatch_requests+0x2b/0x50 __blk_mq_run_hw_queue+0x49/0xb0 __blk_mq_delay_run_hw_queue+0xfb/0 x150 blk_mq_sched_insert_request+0xbe/0x110 blk_execute_rq+0x45/0x70 __scsi_execute+0x10e/0x250 scsi_probe_and_add_lun+0x228/0xda0 __scsi_scan_target+0xf4/0x620 ? __pm_runtime_resume+0x4f/0x70 scsi_scan_target+0x100/0x110 fc_scsi_scan_rport+0xa1/0xb0 [scsi_transport_fc] Process_one_work+0x1ea/0x3b0 trabajador_thread+0x28/0x3b0 ? proceso_one_work+0x3b0/0x3b0 kthread+0x112/0x130 ? kthread_park+0x80/0x80 ret_from_fork+0x22/0x30 El controlador debe asignar suficientes vectores para proporcionar a cada CPU su propia cola de hardware y a\u00fan manejar interrupciones reservadas (MB, RSP, ATIO). El cambio corrige el fallo en la m\u00e1quina virtual de doble n\u00facleo y evita la asignaci\u00f3n de QP desequilibrada donde nr_hw_queues es dos menos que la cantidad de CPU.\"}],\"affected\":[{\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"affectedData\":[{\"vendor\":\"Linux\",\"product\":\"Linux\",\"defaultStatus\":\"unaffected\",\"programFiles\":[\"drivers/scsi/qla2xxx/qla_isr.c\"],\"repo\":\"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\",\"versions\":[{\"version\":\"a6dcfe08487e5e83b6b4214c959a9577a9ed2d9f\",\"lessThan\":\"4ecd42dec858b6632c5f024fe13e9ad6c30f2734\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"a6dcfe08487e5e83b6b4214c959a9577a9ed2d9f\",\"lessThan\":\"0f86d66b38501e3ac66cf2d9f9f8ad6838bad0e6\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"a6dcfe08487e5e83b6b4214c959a9577a9ed2d9f\",\"lessThan\":\"f02d4086a8f36a0e1aaebf559b54cf24a177a486\",\"versionType\":\"git\",\"status\":\"affected\"}]},{\"vendor\":\"Linux\",\"product\":\"Linux\",\"defaultStatus\":\"affected\",\"programFiles\":[\"drivers/scsi/qla2xxx/qla_isr.c\"],\"repo\":\"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\",\"versions\":[{\"version\":\"5.11\",\"status\":\"affected\"},{\"version\":\"0\",\"lessThan\":\"5.11\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"5.11.20\",\"lessThanOrEqual\":\"5.11.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"5.12.3\",\"lessThanOrEqual\":\"5.12.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"5.13\",\"lessThanOrEqual\":\"*\",\"versionType\":\"original_commit_for_fix\",\"status\":\"unaffected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2024-09-10T16:01:34.918435Z\",\"id\":\"CVE-2021-46964\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.11.20\",\"matchCriteriaId\":\"EEC03413-9760-46D4-AC1D-EB084A1D4111\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.12\",\"versionEndExcluding\":\"5.12.3\",\"matchCriteriaId\":\"F9D6B2DE-7E4A-4B3B-9AEE-3A2C5F23DA32\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/0f86d66b38501e3ac66cf2d9f9f8ad6838bad0e6\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/4ecd42dec858b6632c5f024fe13e9ad6c30f2734\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/f02d4086a8f36a0e1aaebf559b54cf24a177a486\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/0f86d66b38501e3ac66cf2d9f9f8ad6838bad0e6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/4ecd42dec858b6632c5f024fe13e9ad6c30f2734\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/f02d4086a8f36a0e1aaebf559b54cf24a177a486\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://git.kernel.org/stable/c/4ecd42dec858b6632c5f024fe13e9ad6c30f2734\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/0f86d66b38501e3ac66cf2d9f9f8ad6838bad0e6\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/f02d4086a8f36a0e1aaebf559b54cf24a177a486\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T05:17:43.024Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-46964\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-10T16:01:34.918435Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-11T12:42:18.618Z\"}}], \"cna\": {\"title\": \"scsi: qla2xxx: Reserve extra IRQ vectors\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"a6dcfe08487e5e83b6b4214c959a9577a9ed2d9f\", \"lessThan\": \"4ecd42dec858b6632c5f024fe13e9ad6c30f2734\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"a6dcfe08487e5e83b6b4214c959a9577a9ed2d9f\", \"lessThan\": \"0f86d66b38501e3ac66cf2d9f9f8ad6838bad0e6\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"a6dcfe08487e5e83b6b4214c959a9577a9ed2d9f\", \"lessThan\": \"f02d4086a8f36a0e1aaebf559b54cf24a177a486\", \"versionType\": \"git\"}], \"programFiles\": [\"drivers/scsi/qla2xxx/qla_isr.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.11\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"5.11\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"5.11.20\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.11.*\"}, {\"status\": \"unaffected\", \"version\": \"5.12.3\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.12.*\"}, {\"status\": \"unaffected\", \"version\": \"5.13\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"drivers/scsi/qla2xxx/qla_isr.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/4ecd42dec858b6632c5f024fe13e9ad6c30f2734\"}, {\"url\": \"https://git.kernel.org/stable/c/0f86d66b38501e3ac66cf2d9f9f8ad6838bad0e6\"}, {\"url\": \"https://git.kernel.org/stable/c/f02d4086a8f36a0e1aaebf559b54cf24a177a486\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nscsi: qla2xxx: Reserve extra IRQ vectors\\n\\nCommit a6dcfe08487e (\\\"scsi: qla2xxx: Limit interrupt vectors to number of\\nCPUs\\\") lowers the number of allocated MSI-X vectors to the number of CPUs.\\n\\nThat breaks vector allocation assumptions in qla83xx_iospace_config(),\\nqla24xx_enable_msix() and qla2x00_iospace_config(). Either of the functions\\ncomputes maximum number of qpairs as:\\n\\n  ha-\u003emax_qpairs = ha-\u003emsix_count - 1 (MB interrupt) - 1 (default\\n                   response queue) - 1 (ATIO, in dual or pure target mode)\\n\\nmax_qpairs is set to zero in case of two CPUs and initiator mode. The\\nnumber is then used to allocate ha-\u003equeue_pair_map inside\\nqla2x00_alloc_queues(). No allocation happens and ha-\u003equeue_pair_map is\\nleft NULL but the driver thinks there are queue pairs available.\\n\\nqla2xxx_queuecommand() tries to find a qpair in the map and crashes:\\n\\n  if (ha-\u003emqenable) {\\n          uint32_t tag;\\n          uint16_t hwq;\\n          struct qla_qpair *qpair = NULL;\\n\\n          tag = blk_mq_unique_tag(cmd-\u003erequest);\\n          hwq = blk_mq_unique_tag_to_hwq(tag);\\n          qpair = ha-\u003equeue_pair_map[hwq]; # \u003c- HERE\\n\\n          if (qpair)\\n                  return qla2xxx_mqueuecommand(host, cmd, qpair);\\n  }\\n\\n  BUG: kernel NULL pointer dereference, address: 0000000000000000\\n  #PF: supervisor read access in kernel mode\\n  #PF: error_code(0x0000) - not-present page\\n  PGD 0 P4D 0\\n  Oops: 0000 [#1] SMP PTI\\n  CPU: 0 PID: 72 Comm: kworker/u4:3 Tainted: G        W         5.10.0-rc1+ #25\\n  Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.0.0-prebuilt.qemu-project.org 04/01/2014\\n  Workqueue: scsi_wq_7 fc_scsi_scan_rport [scsi_transport_fc]\\n  RIP: 0010:qla2xxx_queuecommand+0x16b/0x3f0 [qla2xxx]\\n  Call Trace:\\n   scsi_queue_rq+0x58c/0xa60\\n   blk_mq_dispatch_rq_list+0x2b7/0x6f0\\n   ? __sbitmap_get_word+0x2a/0x80\\n   __blk_mq_sched_dispatch_requests+0xb8/0x170\\n   blk_mq_sched_dispatch_requests+0x2b/0x50\\n   __blk_mq_run_hw_queue+0x49/0xb0\\n   __blk_mq_delay_run_hw_queue+0xfb/0x150\\n   blk_mq_sched_insert_request+0xbe/0x110\\n   blk_execute_rq+0x45/0x70\\n   __scsi_execute+0x10e/0x250\\n   scsi_probe_and_add_lun+0x228/0xda0\\n   __scsi_scan_target+0xf4/0x620\\n   ? __pm_runtime_resume+0x4f/0x70\\n   scsi_scan_target+0x100/0x110\\n   fc_scsi_scan_rport+0xa1/0xb0 [scsi_transport_fc]\\n   process_one_work+0x1ea/0x3b0\\n   worker_thread+0x28/0x3b0\\n   ? process_one_work+0x3b0/0x3b0\\n   kthread+0x112/0x130\\n   ? kthread_park+0x80/0x80\\n   ret_from_fork+0x22/0x30\\n\\nThe driver should allocate enough vectors to provide every CPU it\u0027s own HW\\nqueue and still handle reserved (MB, RSP, ATIO) interrupts.\\n\\nThe change fixes the crash on dual core VM and prevents unbalanced QP\\nallocation where nr_hw_queues is two less than the number of CPUs.\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.11.20\", \"versionStartIncluding\": \"5.11\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.12.3\", \"versionStartIncluding\": \"5.11\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.13\", \"versionStartIncluding\": \"5.11\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2026-05-11T13:45:20.138Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2021-46964\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-11T13:45:20.138Z\", \"dateReserved\": \"2024-02-27T18:42:55.942Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-02-27T18:47:02.404Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.