Vulnerability-Lookup

CERTFR-2024-AVI-0265

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et une exécution de code arbitraire.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
SUSE	SUSE Linux Enterprise High Performance Computing	SUSE Linux Enterprise High Performance Computing 15 SP5
SUSE	openSUSE Leap	openSUSE Leap 15.5
SUSE	SUSE Linux Enterprise Live Patching	SUSE Linux Enterprise Live Patching 15-SP5
SUSE	openSUSE Leap	openSUSE Leap 15.3
SUSE	SUSE Linux Enterprise High Performance Computing	SUSE Linux Enterprise High Performance Computing 12 SP5
SUSE	SUSE Linux Enterprise High Performance Computing	SUSE Linux Enterprise High Performance Computing 15 SP4
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE	SUSE Linux Enterprise Live Patching	SUSE Linux Enterprise Live Patching 15-SP2
SUSE	SUSE Linux Enterprise Live Patching	SUSE Linux Enterprise Live Patching 12-SP5
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server 12 SP5
SUSE	SUSE Linux Enterprise Micro	SUSE Linux Enterprise Micro 5.2
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server 15 SP5
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE	SUSE Linux Enterprise Micro	SUSE Linux Enterprise Micro 5.1
SUSE	SUSE Linux Enterprise Micro	SUSE Linux Enterprise Micro for Rancher 5.4
SUSE	SUSE Linux Enterprise Real Time	SUSE Linux Enterprise Real Time 12 SP5
SUSE	N/A	SUSE Linux Enterprise High Availability Extension 12 SP5
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server for SAP Applications 15 SP5
SUSE	SUSE Manager Server	SUSE Manager Server 4.1
SUSE	SUSE Linux Enterprise Micro	SUSE Linux Enterprise Micro 5.3
SUSE	SUSE Linux Enterprise High Performance Computing	SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
SUSE	SUSE Linux Enterprise Real Time	SUSE Linux Enterprise Real Time 15 SP5
SUSE	N/A	SUSE Linux Enterprise Workstation Extension 12 12-SP5
SUSE	openSUSE Leap	openSUSE Leap Micro 5.3
SUSE	SUSE Linux Enterprise Micro	SUSE Linux Enterprise Micro for Rancher 5.3
SUSE	SUSE Manager Retail Branch Server	SUSE Manager Retail Branch Server 4.1
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2
SUSE	SUSE Linux Enterprise Real Time	SUSE Linux Enterprise Real Time 15 SP4
SUSE	SUSE Linux Enterprise Live Patching	SUSE Linux Enterprise Live Patching 15-SP3
SUSE	N/A	SUSE Linux Enterprise High Availability Extension 15 SP2
SUSE	SUSE Manager Proxy	SUSE Manager Proxy 4.1
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server for SAP Applications 15 SP4
SUSE	N/A	SUSE Linux Enterprise Software Development Kit 12 SP5
SUSE	SUSE Linux Enterprise High Performance Computing	SUSE Linux Enterprise High Performance Computing 15 SP3
SUSE	SUSE Linux Enterprise Micro	SUSE Linux Enterprise Micro 5.5
SUSE	openSUSE Leap	openSUSE Leap Micro 5.4
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server 15 SP4
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server 15 SP2
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server 15 SP3
SUSE	SUSE Linux Enterprise Micro	SUSE Linux Enterprise Micro 5.4
SUSE	SUSE Linux Enterprise Live Patching	SUSE Linux Enterprise Live Patching 15-SP4
SUSE	SUSE Linux Enterprise High Performance Computing	SUSE Linux Enterprise High Performance Computing 15 SP2

References

Title

Publication Time

CVE-2019-25162 (GCVE-0-2019-25162)

Vulnerability from cvelistv5 – Published: 2024-02-26 17:20 – Updated: 2026-05-11 13:41

Title

i2c: Fix a potential use after free

Summary

In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after we are done using it. This patch just moves the put_device() down a bit to avoid the use after free. [wsa: added comment to the code, added Fixes tag]

Severity

No CVSS data available.

Assigner

Linux

References

8 references

URL	Tags
https://git.kernel.org/stable/c/e6412ba3b6508bdf9…
https://git.kernel.org/stable/c/23a191b132cd87f74…
https://git.kernel.org/stable/c/871a1e94929a27bf6…
https://git.kernel.org/stable/c/81cb31756888bb062…
https://git.kernel.org/stable/c/35927d7509ab9bf41…
https://git.kernel.org/stable/c/e8e1a046cf87c8b13…
https://git.kernel.org/stable/c/12b0606000d082863…
https://git.kernel.org/stable/c/e4c72c06c367758a1…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6 , < e6412ba3b6508bdf9c074d310bf4144afa6aec1a (git) Affected: 611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6 , < 23a191b132cd87f746c62f3dc27da33683d85829 (git) Affected: 611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6 , < 871a1e94929a27bf6e2cd99523865c840bbc2d87 (git) Affected: 611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6 , < 81cb31756888bb062e92d2dca21cd629d77a46a9 (git) Affected: 611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6 , < 35927d7509ab9bf41896b7e44f639504eae08af7 (git) Affected: 611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6 , < e8e1a046cf87c8b1363e5de835114f2779e2aaf4 (git) Affected: 611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6 , < 12b0606000d0828630c033bf0c74c748464fe87d (git) Affected: 611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6 , < e4c72c06c367758a14f227c847f9d623f1994ecf (git)
Linux	Linux	Affected: 4.3 Unaffected: 0 , < 4.3 (semver) Unaffected: 4.14.291 , ≤ 4.14.* (semver) Unaffected: 4.19.256 , ≤ 4.19.* (semver) Unaffected: 5.4.211 , ≤ 5.4.* (semver) Unaffected: 5.10.137 , ≤ 5.10.* (semver) Unaffected: 5.15.61 , ≤ 5.15.* (semver) Unaffected: 5.18.18 , ≤ 5.18.* (semver) Unaffected: 5.19.2 , ≤ 5.19.* (semver) Unaffected: 6.0 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:00:19.248Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e6412ba3b6508bdf9c074d310bf4144afa6aec1a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/23a191b132cd87f746c62f3dc27da33683d85829"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/871a1e94929a27bf6e2cd99523865c840bbc2d87"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/81cb31756888bb062e92d2dca21cd629d77a46a9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/35927d7509ab9bf41896b7e44f639504eae08af7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e8e1a046cf87c8b1363e5de835114f2779e2aaf4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/12b0606000d0828630c033bf0c74c748464fe87d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e4c72c06c367758a14f227c847f9d623f1994ecf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-25162",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-19T18:51:49.719341Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-19T18:51:57.708Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/i2c/i2c-core-base.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e6412ba3b6508bdf9c074d310bf4144afa6aec1a",
              "status": "affected",
              "version": "611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6",
              "versionType": "git"
            },
            {
              "lessThan": "23a191b132cd87f746c62f3dc27da33683d85829",
              "status": "affected",
              "version": "611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6",
              "versionType": "git"
            },
            {
              "lessThan": "871a1e94929a27bf6e2cd99523865c840bbc2d87",
              "status": "affected",
              "version": "611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6",
              "versionType": "git"
            },
            {
              "lessThan": "81cb31756888bb062e92d2dca21cd629d77a46a9",
              "status": "affected",
              "version": "611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6",
              "versionType": "git"
            },
            {
              "lessThan": "35927d7509ab9bf41896b7e44f639504eae08af7",
              "status": "affected",
              "version": "611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6",
              "versionType": "git"
            },
            {
              "lessThan": "e8e1a046cf87c8b1363e5de835114f2779e2aaf4",
              "status": "affected",
              "version": "611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6",
              "versionType": "git"
            },
            {
              "lessThan": "12b0606000d0828630c033bf0c74c748464fe87d",
              "status": "affected",
              "version": "611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6",
              "versionType": "git"
            },
            {
              "lessThan": "e4c72c06c367758a14f227c847f9d623f1994ecf",
              "status": "affected",
              "version": "611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/i2c/i2c-core-base.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.3"
            },
            {
              "lessThan": "4.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.291",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.256",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.211",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.137",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.61",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.18.*",
              "status": "unaffected",
              "version": "5.18.18",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.19.*",
              "status": "unaffected",
              "version": "5.19.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.291",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.256",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.211",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.137",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.61",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.18.18",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.19.2",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0",
                  "versionStartIncluding": "4.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: Fix a potential use after free\n\nFree the adap structure only after we are done using it.\nThis patch just moves the put_device() down a bit to avoid the\nuse after free.\n\n[wsa: added comment to the code, added Fixes tag]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T13:41:57.983Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e6412ba3b6508bdf9c074d310bf4144afa6aec1a"
        },
        {
          "url": "https://git.kernel.org/stable/c/23a191b132cd87f746c62f3dc27da33683d85829"
        },
        {
          "url": "https://git.kernel.org/stable/c/871a1e94929a27bf6e2cd99523865c840bbc2d87"
        },
        {
          "url": "https://git.kernel.org/stable/c/81cb31756888bb062e92d2dca21cd629d77a46a9"
        },
        {
          "url": "https://git.kernel.org/stable/c/35927d7509ab9bf41896b7e44f639504eae08af7"
        },
        {
          "url": "https://git.kernel.org/stable/c/e8e1a046cf87c8b1363e5de835114f2779e2aaf4"
        },
        {
          "url": "https://git.kernel.org/stable/c/12b0606000d0828630c033bf0c74c748464fe87d"
        },
        {
          "url": "https://git.kernel.org/stable/c/e4c72c06c367758a14f227c847f9d623f1994ecf"
        }
      ],
      "title": "i2c: Fix a potential use after free",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2019-25162",
    "datePublished": "2024-02-26T17:20:20.846Z",
    "dateReserved": "2024-02-26T17:07:20.465Z",
    "dateUpdated": "2026-05-11T13:41:57.983Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2020-36777 (GCVE-0-2020-36777)

Vulnerability from cvelistv5 – Published: 2024-02-27 18:40 – Updated: 2026-05-11 13:42

Title

media: dvbdev: Fix memory leak in dvb_media_device_free()

Summary

In the Linux kernel, the following vulnerability has been resolved: media: dvbdev: Fix memory leak in dvb_media_device_free() dvb_media_device_free() is leaking memory. Free `dvbdev->adapter->conn` before setting it to NULL, as documented in include/media/media-device.h: "The media_entity instance itself must be freed explicitly by the driver if required."

Severity

No CVSS data available.

Assigner

Linux

References

8 references

URL	Tags
https://git.kernel.org/stable/c/06854b943e0571ccb…
https://git.kernel.org/stable/c/32168ca1f12331684…
https://git.kernel.org/stable/c/cd89f79be5d553c78…
https://git.kernel.org/stable/c/9185b3b1c143b8da4…
https://git.kernel.org/stable/c/43263fd43083e4123…
https://git.kernel.org/stable/c/9ad15e214fcd73694…
https://git.kernel.org/stable/c/cede24d13be6c2a62…
https://git.kernel.org/stable/c/bf9a40ae8d722f281…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 0230d60e4661d9ced6fb0b9a30f182ebdafbba7a , < 06854b943e0571ccbd7ad0a529babed1a98ff275 (git) Affected: 0230d60e4661d9ced6fb0b9a30f182ebdafbba7a , < 32168ca1f123316848fffb85d059860adf3c409f (git) Affected: 0230d60e4661d9ced6fb0b9a30f182ebdafbba7a , < cd89f79be5d553c78202f686e8e4caa5fbe94e98 (git) Affected: 0230d60e4661d9ced6fb0b9a30f182ebdafbba7a , < 9185b3b1c143b8da409c19ac5a785aa18d67a81b (git) Affected: 0230d60e4661d9ced6fb0b9a30f182ebdafbba7a , < 43263fd43083e412311fa764cd04a727b0c6a749 (git) Affected: 0230d60e4661d9ced6fb0b9a30f182ebdafbba7a , < 9ad15e214fcd73694ea51967d86055f47b802066 (git) Affected: 0230d60e4661d9ced6fb0b9a30f182ebdafbba7a , < cede24d13be6c2a62be6d7ceea63c2719b0cfa82 (git) Affected: 0230d60e4661d9ced6fb0b9a30f182ebdafbba7a , < bf9a40ae8d722f281a2721779595d6df1c33a0bf (git)
Linux	Linux	Affected: 4.5 Unaffected: 0 , < 4.5 (semver) Unaffected: 4.9.269 , ≤ 4.9.* (semver) Unaffected: 4.14.233 , ≤ 4.14.* (semver) Unaffected: 4.19.191 , ≤ 4.19.* (semver) Unaffected: 5.4.118 , ≤ 5.4.* (semver) Unaffected: 5.10.36 , ≤ 5.10.* (semver) Unaffected: 5.11.20 , ≤ 5.11.* (semver) Unaffected: 5.12.3 , ≤ 5.12.* (semver) Unaffected: 5.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-36777",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-11T16:40:26.925342Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:22:13.278Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:37:07.001Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/06854b943e0571ccbd7ad0a529babed1a98ff275"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/32168ca1f123316848fffb85d059860adf3c409f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cd89f79be5d553c78202f686e8e4caa5fbe94e98"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9185b3b1c143b8da409c19ac5a785aa18d67a81b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/43263fd43083e412311fa764cd04a727b0c6a749"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9ad15e214fcd73694ea51967d86055f47b802066"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cede24d13be6c2a62be6d7ceea63c2719b0cfa82"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/bf9a40ae8d722f281a2721779595d6df1c33a0bf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/dvb-core/dvbdev.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "06854b943e0571ccbd7ad0a529babed1a98ff275",
              "status": "affected",
              "version": "0230d60e4661d9ced6fb0b9a30f182ebdafbba7a",
              "versionType": "git"
            },
            {
              "lessThan": "32168ca1f123316848fffb85d059860adf3c409f",
              "status": "affected",
              "version": "0230d60e4661d9ced6fb0b9a30f182ebdafbba7a",
              "versionType": "git"
            },
            {
              "lessThan": "cd89f79be5d553c78202f686e8e4caa5fbe94e98",
              "status": "affected",
              "version": "0230d60e4661d9ced6fb0b9a30f182ebdafbba7a",
              "versionType": "git"
            },
            {
              "lessThan": "9185b3b1c143b8da409c19ac5a785aa18d67a81b",
              "status": "affected",
              "version": "0230d60e4661d9ced6fb0b9a30f182ebdafbba7a",
              "versionType": "git"
            },
            {
              "lessThan": "43263fd43083e412311fa764cd04a727b0c6a749",
              "status": "affected",
              "version": "0230d60e4661d9ced6fb0b9a30f182ebdafbba7a",
              "versionType": "git"
            },
            {
              "lessThan": "9ad15e214fcd73694ea51967d86055f47b802066",
              "status": "affected",
              "version": "0230d60e4661d9ced6fb0b9a30f182ebdafbba7a",
              "versionType": "git"
            },
            {
              "lessThan": "cede24d13be6c2a62be6d7ceea63c2719b0cfa82",
              "status": "affected",
              "version": "0230d60e4661d9ced6fb0b9a30f182ebdafbba7a",
              "versionType": "git"
            },
            {
              "lessThan": "bf9a40ae8d722f281a2721779595d6df1c33a0bf",
              "status": "affected",
              "version": "0230d60e4661d9ced6fb0b9a30f182ebdafbba7a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/dvb-core/dvbdev.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.5"
            },
            {
              "lessThan": "4.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.9.*",
              "status": "unaffected",
              "version": "4.9.269",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.233",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.191",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.118",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.36",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.11.*",
              "status": "unaffected",
              "version": "5.11.20",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.12.*",
              "status": "unaffected",
              "version": "5.12.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.9.269",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.233",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.191",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.118",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.36",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.11.20",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.12.3",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.13",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvbdev: Fix memory leak in dvb_media_device_free()\n\ndvb_media_device_free() is leaking memory. Free `dvbdev-\u003eadapter-\u003econn`\nbefore setting it to NULL, as documented in include/media/media-device.h:\n\"The media_entity instance itself must be freed explicitly by the driver\nif required.\""
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T13:42:41.832Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/06854b943e0571ccbd7ad0a529babed1a98ff275"
        },
        {
          "url": "https://git.kernel.org/stable/c/32168ca1f123316848fffb85d059860adf3c409f"
        },
        {
          "url": "https://git.kernel.org/stable/c/cd89f79be5d553c78202f686e8e4caa5fbe94e98"
        },
        {
          "url": "https://git.kernel.org/stable/c/9185b3b1c143b8da409c19ac5a785aa18d67a81b"
        },
        {
          "url": "https://git.kernel.org/stable/c/43263fd43083e412311fa764cd04a727b0c6a749"
        },
        {
          "url": "https://git.kernel.org/stable/c/9ad15e214fcd73694ea51967d86055f47b802066"
        },
        {
          "url": "https://git.kernel.org/stable/c/cede24d13be6c2a62be6d7ceea63c2719b0cfa82"
        },
        {
          "url": "https://git.kernel.org/stable/c/bf9a40ae8d722f281a2721779595d6df1c33a0bf"
        }
      ],
      "title": "media: dvbdev: Fix memory leak in dvb_media_device_free()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2020-36777",
    "datePublished": "2024-02-27T18:40:26.245Z",
    "dateReserved": "2024-02-26T17:07:27.434Z",
    "dateUpdated": "2026-05-11T13:42:41.832Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2020-36784 (GCVE-0-2020-36784)

Vulnerability from cvelistv5 – Published: 2024-02-28 08:13 – Updated: 2026-05-11 13:42

Title

i2c: cadence: fix reference leak when pm_runtime_get_sync fails

Summary

In the Linux kernel, the following vulnerability has been resolved: i2c: cadence: fix reference leak when pm_runtime_get_sync fails The PM reference count is not expected to be incremented on return in functions cdns_i2c_master_xfer and cdns_reg_slave. However, pm_runtime_get_sync will increment pm usage counter even failed. Forgetting to putting operation will result in a reference leak here. Replace it with pm_runtime_resume_and_get to keep usage counter balanced.

Severity

No CVSS data available.

Assigner

Linux

References

4 references

URL	Tags
https://git.kernel.org/stable/c/30410519328c94367…
https://git.kernel.org/stable/c/d57ff04e0ed6f3be1…
https://git.kernel.org/stable/c/a45fc41beed8e0fe3…
https://git.kernel.org/stable/c/23ceb8462dc6f4b4d…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 7fa32329ca03148fb2c07b4ef3247b8fc0488d6a , < 30410519328c94367e561fd878e5f0d3a0303585 (git) Affected: 7fa32329ca03148fb2c07b4ef3247b8fc0488d6a , < d57ff04e0ed6f3be1682ae861ead33f879225e07 (git) Affected: 7fa32329ca03148fb2c07b4ef3247b8fc0488d6a , < a45fc41beed8e0fe31864619c34aa00797fb60c1 (git) Affected: 7fa32329ca03148fb2c07b4ef3247b8fc0488d6a , < 23ceb8462dc6f4b4decdb5536a7e5fc477cdf0b6 (git)
Linux	Linux	Affected: 4.5 Unaffected: 0 , < 4.5 (semver) Unaffected: 5.10.37 , ≤ 5.10.* (semver) Unaffected: 5.11.21 , ≤ 5.11.* (semver) Unaffected: 5.12.4 , ≤ 5.12.* (semver) Unaffected: 5.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:37:07.220Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/30410519328c94367e561fd878e5f0d3a0303585"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d57ff04e0ed6f3be1682ae861ead33f879225e07"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a45fc41beed8e0fe31864619c34aa00797fb60c1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/23ceb8462dc6f4b4decdb5536a7e5fc477cdf0b6"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-36784",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:01:21.710777Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:42.628Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/i2c/busses/i2c-cadence.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "30410519328c94367e561fd878e5f0d3a0303585",
              "status": "affected",
              "version": "7fa32329ca03148fb2c07b4ef3247b8fc0488d6a",
              "versionType": "git"
            },
            {
              "lessThan": "d57ff04e0ed6f3be1682ae861ead33f879225e07",
              "status": "affected",
              "version": "7fa32329ca03148fb2c07b4ef3247b8fc0488d6a",
              "versionType": "git"
            },
            {
              "lessThan": "a45fc41beed8e0fe31864619c34aa00797fb60c1",
              "status": "affected",
              "version": "7fa32329ca03148fb2c07b4ef3247b8fc0488d6a",
              "versionType": "git"
            },
            {
              "lessThan": "23ceb8462dc6f4b4decdb5536a7e5fc477cdf0b6",
              "status": "affected",
              "version": "7fa32329ca03148fb2c07b4ef3247b8fc0488d6a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/i2c/busses/i2c-cadence.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.5"
            },
            {
              "lessThan": "4.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.37",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.11.*",
              "status": "unaffected",
              "version": "5.11.21",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.12.*",
              "status": "unaffected",
              "version": "5.12.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.37",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.11.21",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.12.4",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.13",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: cadence: fix reference leak when pm_runtime_get_sync fails\n\nThe PM reference count is not expected to be incremented on\nreturn in functions cdns_i2c_master_xfer and cdns_reg_slave.\n\nHowever, pm_runtime_get_sync will increment pm usage counter\neven failed. Forgetting to putting operation will result in a\nreference leak here.\n\nReplace it with pm_runtime_resume_and_get to keep usage\ncounter balanced."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T13:42:50.017Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/30410519328c94367e561fd878e5f0d3a0303585"
        },
        {
          "url": "https://git.kernel.org/stable/c/d57ff04e0ed6f3be1682ae861ead33f879225e07"
        },
        {
          "url": "https://git.kernel.org/stable/c/a45fc41beed8e0fe31864619c34aa00797fb60c1"
        },
        {
          "url": "https://git.kernel.org/stable/c/23ceb8462dc6f4b4decdb5536a7e5fc477cdf0b6"
        }
      ],
      "title": "i2c: cadence: fix reference leak when pm_runtime_get_sync fails",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2020-36784",
    "datePublished": "2024-02-28T08:13:05.418Z",
    "dateReserved": "2024-02-26T17:07:27.435Z",
    "dateUpdated": "2026-05-11T13:42:50.017Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-33200 (GCVE-0-2021-33200)

Vulnerability from cvelistv5 – Published: 2021-05-27 00:00 – Updated: 2024-08-03 23:42

Summary

kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

7 references

URL	Tags
https://www.openwall.com/lists/oss-security/2021/…
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://security.netapp.com/advisory/ntap-2021070…
https://git.kernel.org/cgit/linux/kernel/git/torv…
https://git.kernel.org/cgit/linux/kernel/git/torv…
https://git.kernel.org/cgit/linux/kernel/git/torv…

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:42:20.314Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2021/05/27/1"
          },
          {
            "name": "FEDORA-2021-0b35886add",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JJCABL43FT3FKRX5DBPZG25FNKR6CEK4/"
          },
          {
            "name": "FEDORA-2021-646098b5b8",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7LR3OKKPHIBGOMHN476CMLW2T7UG53QX/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210706-0004/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3d0220f6861d713213b015b582e9f21e5b28d2e0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bb01a1bba579b4b1c5566af24d95f1767859771e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a7036191277f9fa68d92f2071ddc38c09b1e5ee5"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux-\u003ealu_limit."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-25T00:40:25.731Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://www.openwall.com/lists/oss-security/2021/05/27/1"
        },
        {
          "name": "FEDORA-2021-0b35886add",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JJCABL43FT3FKRX5DBPZG25FNKR6CEK4/"
        },
        {
          "name": "FEDORA-2021-646098b5b8",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7LR3OKKPHIBGOMHN476CMLW2T7UG53QX/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20210706-0004/"
        },
        {
          "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3d0220f6861d713213b015b582e9f21e5b28d2e0"
        },
        {
          "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bb01a1bba579b4b1c5566af24d95f1767859771e"
        },
        {
          "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a7036191277f9fa68d92f2071ddc38c09b1e5ee5"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-33200",
    "datePublished": "2021-05-27T00:00:00.000Z",
    "dateReserved": "2021-05-19T00:00:00.000Z",
    "dateUpdated": "2024-08-03T23:42:20.314Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-46904 (GCVE-0-2021-46904)

Vulnerability from cvelistv5 – Published: 2024-02-25 14:03 – Updated: 2026-05-11 13:44

Title

net: hso: fix null-ptr-deref during tty device unregistration

Summary

In the Linux kernel, the following vulnerability has been resolved: net: hso: fix null-ptr-deref during tty device unregistration Multiple ttys try to claim the same the minor number causing a double unregistration of the same device. The first unregistration succeeds but the next one results in a null-ptr-deref. The get_free_serial_index() function returns an available minor number but doesn't assign it immediately. The assignment is done by the caller later. But before this assignment, calls to get_free_serial_index() would return the same minor number. Fix this by modifying get_free_serial_index to assign the minor number immediately after one is found to be and rename it to obtain_minor() to better reflect what it does. Similary, rename set_serial_by_index() to release_minor() and modify it to free up the minor number of the given hso_serial. Every obtain_minor() should have corresponding release_minor() call.

Severity

No CVSS data available.

Assigner

Linux

References

8 references

URL	Tags
https://git.kernel.org/stable/c/a462067d7c8e6953a…
https://git.kernel.org/stable/c/145c89c441d276969…
https://git.kernel.org/stable/c/caf5ac93b3b5d5fac…
https://git.kernel.org/stable/c/92028d7a31e55d53e…
https://git.kernel.org/stable/c/4a2933c88399c0ebc…
https://git.kernel.org/stable/c/dc195928d7e4ec7b5…
https://git.kernel.org/stable/c/388d05f70f1ee0cac…
https://git.kernel.org/stable/c/8a12f8836145ffe37…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 72dc1c096c7051a48ab1dbb12f71976656b55eb5 , < a462067d7c8e6953a733bf5ade8db947b1bb5449 (git) Affected: 72dc1c096c7051a48ab1dbb12f71976656b55eb5 , < 145c89c441d27696961752bf51b323f347601bee (git) Affected: 72dc1c096c7051a48ab1dbb12f71976656b55eb5 , < caf5ac93b3b5d5fac032fc11fbea680e115421b4 (git) Affected: 72dc1c096c7051a48ab1dbb12f71976656b55eb5 , < 92028d7a31e55d53e41cff679156b9432cffcb36 (git) Affected: 72dc1c096c7051a48ab1dbb12f71976656b55eb5 , < 4a2933c88399c0ebc738db39bbce3ae89786d723 (git) Affected: 72dc1c096c7051a48ab1dbb12f71976656b55eb5 , < dc195928d7e4ec7b5cfc6cd10dc4c8d87a7c72ac (git) Affected: 72dc1c096c7051a48ab1dbb12f71976656b55eb5 , < 388d05f70f1ee0cac4a2068fd295072f1a44152a (git) Affected: 72dc1c096c7051a48ab1dbb12f71976656b55eb5 , < 8a12f8836145ffe37e9c8733dce18c22fb668b66 (git)
Linux	Linux	Affected: 2.6.27 Unaffected: 0 , < 2.6.27 (semver) Unaffected: 4.4.268 , ≤ 4.4.* (semver) Unaffected: 4.9.268 , ≤ 4.9.* (semver) Unaffected: 4.14.232 , ≤ 4.14.* (semver) Unaffected: 4.19.187 , ≤ 4.19.* (semver) Unaffected: 5.4.112 , ≤ 5.4.* (semver) Unaffected: 5.10.30 , ≤ 5.10.* (semver) Unaffected: 5.11.14 , ≤ 5.11.* (semver) Unaffected: 5.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-46904",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-25T17:47:17.588165Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-25T17:47:30.417Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:17:42.846Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a462067d7c8e6953a733bf5ade8db947b1bb5449"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/145c89c441d27696961752bf51b323f347601bee"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/caf5ac93b3b5d5fac032fc11fbea680e115421b4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/92028d7a31e55d53e41cff679156b9432cffcb36"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4a2933c88399c0ebc738db39bbce3ae89786d723"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/dc195928d7e4ec7b5cfc6cd10dc4c8d87a7c72ac"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/388d05f70f1ee0cac4a2068fd295072f1a44152a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8a12f8836145ffe37e9c8733dce18c22fb668b66"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/usb/hso.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a462067d7c8e6953a733bf5ade8db947b1bb5449",
              "status": "affected",
              "version": "72dc1c096c7051a48ab1dbb12f71976656b55eb5",
              "versionType": "git"
            },
            {
              "lessThan": "145c89c441d27696961752bf51b323f347601bee",
              "status": "affected",
              "version": "72dc1c096c7051a48ab1dbb12f71976656b55eb5",
              "versionType": "git"
            },
            {
              "lessThan": "caf5ac93b3b5d5fac032fc11fbea680e115421b4",
              "status": "affected",
              "version": "72dc1c096c7051a48ab1dbb12f71976656b55eb5",
              "versionType": "git"
            },
            {
              "lessThan": "92028d7a31e55d53e41cff679156b9432cffcb36",
              "status": "affected",
              "version": "72dc1c096c7051a48ab1dbb12f71976656b55eb5",
              "versionType": "git"
            },
            {
              "lessThan": "4a2933c88399c0ebc738db39bbce3ae89786d723",
              "status": "affected",
              "version": "72dc1c096c7051a48ab1dbb12f71976656b55eb5",
              "versionType": "git"
            },
            {
              "lessThan": "dc195928d7e4ec7b5cfc6cd10dc4c8d87a7c72ac",
              "status": "affected",
              "version": "72dc1c096c7051a48ab1dbb12f71976656b55eb5",
              "versionType": "git"
            },
            {
              "lessThan": "388d05f70f1ee0cac4a2068fd295072f1a44152a",
              "status": "affected",
              "version": "72dc1c096c7051a48ab1dbb12f71976656b55eb5",
              "versionType": "git"
            },
            {
              "lessThan": "8a12f8836145ffe37e9c8733dce18c22fb668b66",
              "status": "affected",
              "version": "72dc1c096c7051a48ab1dbb12f71976656b55eb5",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/usb/hso.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.27"
            },
            {
              "lessThan": "2.6.27",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.4.*",
              "status": "unaffected",
              "version": "4.4.268",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.9.*",
              "status": "unaffected",
              "version": "4.9.268",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.232",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.187",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.112",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.30",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.11.*",
              "status": "unaffected",
              "version": "5.11.14",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.4.268",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.9.268",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.232",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.187",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.112",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.30",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.11.14",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.12",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hso: fix null-ptr-deref during tty device unregistration\n\nMultiple ttys try to claim the same the minor number causing a double\nunregistration of the same device. The first unregistration succeeds\nbut the next one results in a null-ptr-deref.\n\nThe get_free_serial_index() function returns an available minor number\nbut doesn\u0027t assign it immediately. The assignment is done by the caller\nlater. But before this assignment, calls to get_free_serial_index()\nwould return the same minor number.\n\nFix this by modifying get_free_serial_index to assign the minor number\nimmediately after one is found to be and rename it to obtain_minor()\nto better reflect what it does. Similary, rename set_serial_by_index()\nto release_minor() and modify it to free up the minor number of the\ngiven hso_serial. Every obtain_minor() should have corresponding\nrelease_minor() call."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T13:44:09.016Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a462067d7c8e6953a733bf5ade8db947b1bb5449"
        },
        {
          "url": "https://git.kernel.org/stable/c/145c89c441d27696961752bf51b323f347601bee"
        },
        {
          "url": "https://git.kernel.org/stable/c/caf5ac93b3b5d5fac032fc11fbea680e115421b4"
        },
        {
          "url": "https://git.kernel.org/stable/c/92028d7a31e55d53e41cff679156b9432cffcb36"
        },
        {
          "url": "https://git.kernel.org/stable/c/4a2933c88399c0ebc738db39bbce3ae89786d723"
        },
        {
          "url": "https://git.kernel.org/stable/c/dc195928d7e4ec7b5cfc6cd10dc4c8d87a7c72ac"
        },
        {
          "url": "https://git.kernel.org/stable/c/388d05f70f1ee0cac4a2068fd295072f1a44152a"
        },
        {
          "url": "https://git.kernel.org/stable/c/8a12f8836145ffe37e9c8733dce18c22fb668b66"
        }
      ],
      "title": "net: hso: fix null-ptr-deref during tty device unregistration",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-46904",
    "datePublished": "2024-02-25T14:03:40.319Z",
    "dateReserved": "2024-02-25T13:45:52.716Z",
    "dateUpdated": "2026-05-11T13:44:09.016Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-46905 (GCVE-0-2021-46905)

Vulnerability from cvelistv5 – Published: 2024-02-25 14:03 – Updated: 2026-05-23 15:18

Title

net: hso: fix NULL-deref on disconnect regression

Summary

In the Linux kernel, the following vulnerability has been resolved: net: hso: fix NULL-deref on disconnect regression Commit 8a12f8836145 ("net: hso: fix null-ptr-deref during tty device unregistration") fixed the racy minor allocation reported by syzbot, but introduced an unconditional NULL-pointer dereference on every disconnect instead. Specifically, the serial device table must no longer be accessed after the minor has been released by hso_serial_tty_unregister().

Severity

No CVSS data available.

Assigner

Linux

References

9 references

URL	Tags
https://git.kernel.org/stable/c/5871761c5f0f20d6e…
https://git.kernel.org/stable/c/0c71d4c89559f72ce…
https://git.kernel.org/stable/c/24b699bea7553fc0b…
https://git.kernel.org/stable/c/5c17cfe155d21954b…
https://git.kernel.org/stable/c/d7fad2ce15bdbbd0f…
https://git.kernel.org/stable/c/90642ee9eb581a135…
https://git.kernel.org/stable/c/0f000005da31f6947…
https://git.kernel.org/stable/c/41c44e1f3112d7265…
https://git.kernel.org/stable/c/2ad5692db72874f02…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: a462067d7c8e6953a733bf5ade8db947b1bb5449 , < 5871761c5f0f20d6e98bf3b6bd7486d857589554 (git) Affected: 145c89c441d27696961752bf51b323f347601bee , < 0c71d4c89559f72cec2592d078681a843bce570e (git) Affected: caf5ac93b3b5d5fac032fc11fbea680e115421b4 , < 24b699bea7553fc0b98dad9d864befb6005ac7f1 (git) Affected: 92028d7a31e55d53e41cff679156b9432cffcb36 , < 5c17cfe155d21954b4c7e2a78fa771cebcd86725 (git) Affected: 4a2933c88399c0ebc738db39bbce3ae89786d723 , < d7fad2ce15bdbbd0fec3ebe999fd7cab2267f53e (git) Affected: dc195928d7e4ec7b5cfc6cd10dc4c8d87a7c72ac , < 90642ee9eb581a13569b1c0bd57e85d962215273 (git) Affected: 388d05f70f1ee0cac4a2068fd295072f1a44152a , < 0f000005da31f6947f843ce6b3e3a960540c6e00 (git) Affected: 8a12f8836145ffe37e9c8733dce18c22fb668b66 , < 41c44e1f3112d7265dae522c026399b2a42d19ef (git) Affected: 8a12f8836145ffe37e9c8733dce18c22fb668b66 , < 2ad5692db72874f02b9ad551d26345437ea4f7f3 (git) Affected: 4.19.187 , < 4.19.189 (semver) Affected: 5.4.112 , < 5.4.115 (semver) Affected: 5.10.30 , < 5.10.33 (semver) Affected: 5.11.14 , < 5.11.17 (semver)
Linux	Linux	Affected: 5.12 Unaffected: 0 , < 5.12 (semver) Unaffected: 4.19.189 , ≤ 4.19.* (semver) Unaffected: 5.4.115 , ≤ 5.4.* (semver) Unaffected: 5.10.33 , ≤ 5.10.* (semver) Unaffected: 5.11.17 , ≤ 5.11.* (semver) Unaffected: 5.12.1 , ≤ 5.12.* (semver) Unaffected: 5.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-46905",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-04T21:23:48.854357Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:22:07.815Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:17:42.986Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5871761c5f0f20d6e98bf3b6bd7486d857589554"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0c71d4c89559f72cec2592d078681a843bce570e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/24b699bea7553fc0b98dad9d864befb6005ac7f1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5c17cfe155d21954b4c7e2a78fa771cebcd86725"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d7fad2ce15bdbbd0fec3ebe999fd7cab2267f53e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/90642ee9eb581a13569b1c0bd57e85d962215273"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0f000005da31f6947f843ce6b3e3a960540c6e00"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/41c44e1f3112d7265dae522c026399b2a42d19ef"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2ad5692db72874f02b9ad551d26345437ea4f7f3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/usb/hso.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "5871761c5f0f20d6e98bf3b6bd7486d857589554",
              "status": "affected",
              "version": "a462067d7c8e6953a733bf5ade8db947b1bb5449",
              "versionType": "git"
            },
            {
              "lessThan": "0c71d4c89559f72cec2592d078681a843bce570e",
              "status": "affected",
              "version": "145c89c441d27696961752bf51b323f347601bee",
              "versionType": "git"
            },
            {
              "lessThan": "24b699bea7553fc0b98dad9d864befb6005ac7f1",
              "status": "affected",
              "version": "caf5ac93b3b5d5fac032fc11fbea680e115421b4",
              "versionType": "git"
            },
            {
              "lessThan": "5c17cfe155d21954b4c7e2a78fa771cebcd86725",
              "status": "affected",
              "version": "92028d7a31e55d53e41cff679156b9432cffcb36",
              "versionType": "git"
            },
            {
              "lessThan": "d7fad2ce15bdbbd0fec3ebe999fd7cab2267f53e",
              "status": "affected",
              "version": "4a2933c88399c0ebc738db39bbce3ae89786d723",
              "versionType": "git"
            },
            {
              "lessThan": "90642ee9eb581a13569b1c0bd57e85d962215273",
              "status": "affected",
              "version": "dc195928d7e4ec7b5cfc6cd10dc4c8d87a7c72ac",
              "versionType": "git"
            },
            {
              "lessThan": "0f000005da31f6947f843ce6b3e3a960540c6e00",
              "status": "affected",
              "version": "388d05f70f1ee0cac4a2068fd295072f1a44152a",
              "versionType": "git"
            },
            {
              "lessThan": "41c44e1f3112d7265dae522c026399b2a42d19ef",
              "status": "affected",
              "version": "8a12f8836145ffe37e9c8733dce18c22fb668b66",
              "versionType": "git"
            },
            {
              "lessThan": "2ad5692db72874f02b9ad551d26345437ea4f7f3",
              "status": "affected",
              "version": "8a12f8836145ffe37e9c8733dce18c22fb668b66",
              "versionType": "git"
            },
            {
              "lessThan": "4.19.189",
              "status": "affected",
              "version": "4.19.187",
              "versionType": "semver"
            },
            {
              "lessThan": "5.4.115",
              "status": "affected",
              "version": "5.4.112",
              "versionType": "semver"
            },
            {
              "lessThan": "5.10.33",
              "status": "affected",
              "version": "5.10.30",
              "versionType": "semver"
            },
            {
              "lessThan": "5.11.17",
              "status": "affected",
              "version": "5.11.14",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/usb/hso.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.12"
            },
            {
              "lessThan": "5.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.189",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.115",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.11.*",
              "status": "unaffected",
              "version": "5.11.17",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.12.*",
              "status": "unaffected",
              "version": "5.12.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.189",
                  "versionStartIncluding": "4.19.187",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.115",
                  "versionStartIncluding": "5.4.112",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.33",
                  "versionStartIncluding": "5.10.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.11.17",
                  "versionStartIncluding": "5.11.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.12.1",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.13",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hso: fix NULL-deref on disconnect regression\n\nCommit 8a12f8836145 (\"net: hso: fix null-ptr-deref during tty device\nunregistration\") fixed the racy minor allocation reported by syzbot, but\nintroduced an unconditional NULL-pointer dereference on every disconnect\ninstead.\n\nSpecifically, the serial device table must no longer be accessed after\nthe minor has been released by hso_serial_tty_unregister()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-23T15:18:41.989Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/5871761c5f0f20d6e98bf3b6bd7486d857589554"
        },
        {
          "url": "https://git.kernel.org/stable/c/0c71d4c89559f72cec2592d078681a843bce570e"
        },
        {
          "url": "https://git.kernel.org/stable/c/24b699bea7553fc0b98dad9d864befb6005ac7f1"
        },
        {
          "url": "https://git.kernel.org/stable/c/5c17cfe155d21954b4c7e2a78fa771cebcd86725"
        },
        {
          "url": "https://git.kernel.org/stable/c/d7fad2ce15bdbbd0fec3ebe999fd7cab2267f53e"
        },
        {
          "url": "https://git.kernel.org/stable/c/90642ee9eb581a13569b1c0bd57e85d962215273"
        },
        {
          "url": "https://git.kernel.org/stable/c/0f000005da31f6947f843ce6b3e3a960540c6e00"
        },
        {
          "url": "https://git.kernel.org/stable/c/41c44e1f3112d7265dae522c026399b2a42d19ef"
        },
        {
          "url": "https://git.kernel.org/stable/c/2ad5692db72874f02b9ad551d26345437ea4f7f3"
        }
      ],
      "title": "net: hso: fix NULL-deref on disconnect regression",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-46905",
    "datePublished": "2024-02-25T14:03:40.944Z",
    "dateReserved": "2024-02-25T13:45:52.717Z",
    "dateUpdated": "2026-05-23T15:18:41.989Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-46906 (GCVE-0-2021-46906)

Vulnerability from cvelistv5 – Published: 2024-02-26 17:20 – Updated: 2026-05-11 13:44

Title

HID: usbhid: fix info leak in hid_submit_ctrl

Summary

In the Linux kernel, the following vulnerability has been resolved: HID: usbhid: fix info leak in hid_submit_ctrl In hid_submit_ctrl(), the way of calculating the report length doesn't take into account that report->size can be zero. When running the syzkaller reproducer, a report of size 0 causes hid_submit_ctrl) to calculate transfer_buffer_length as 16384. When this urb is passed to the usb core layer, KMSAN reports an info leak of 16384 bytes. To fix this, first modify hid_report_len() to account for the zero report size case by using DIV_ROUND_UP for the division. Then, call it from hid_submit_ctrl().

Severity

No CVSS data available.

Assigner

Linux

References

8 references

URL	Tags
https://git.kernel.org/stable/c/c5d3c142f2d57d40c…
https://git.kernel.org/stable/c/41b1e71a2c57366b0…
https://git.kernel.org/stable/c/8c064eece9a51856f…
https://git.kernel.org/stable/c/0e280502be1b003c3…
https://git.kernel.org/stable/c/7f5a4b24cdbd73727…
https://git.kernel.org/stable/c/b1e3596416d74ce95…
https://git.kernel.org/stable/c/21883bff0fd854e07…
https://git.kernel.org/stable/c/6be388f4a35d2ce5e…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < c5d3c142f2d57d40c55e65d5622d319125a45366 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 41b1e71a2c57366b08dcca1a28b0d45ca69429ce (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 8c064eece9a51856f3f275104520c7e3017fc5c0 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 0e280502be1b003c3483ae03fc60dea554fcfa82 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 7f5a4b24cdbd7372770a02f23e347d7d9a9ac8f1 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < b1e3596416d74ce95cc0b7b38472329a3818f8a9 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 21883bff0fd854e07429a773ff18f1e9658f50e8 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 6be388f4a35d2ce5ef7dbf635a8964a5da7f799f (git)
Linux	Linux	Affected: 2.6.12 Unaffected: 0 , < 2.6.12 (semver) Unaffected: 4.4.274 , ≤ 4.4.* (semver) Unaffected: 4.9.274 , ≤ 4.9.* (semver) Unaffected: 4.14.238 , ≤ 4.14.* (semver) Unaffected: 4.19.196 , ≤ 4.19.* (semver) Unaffected: 5.4.127 , ≤ 5.4.* (semver) Unaffected: 5.10.45 , ≤ 5.10.* (semver) Unaffected: 5.12.12 , ≤ 5.12.* (semver) Unaffected: 5.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:17:42.969Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c5d3c142f2d57d40c55e65d5622d319125a45366"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/41b1e71a2c57366b08dcca1a28b0d45ca69429ce"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8c064eece9a51856f3f275104520c7e3017fc5c0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0e280502be1b003c3483ae03fc60dea554fcfa82"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7f5a4b24cdbd7372770a02f23e347d7d9a9ac8f1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b1e3596416d74ce95cc0b7b38472329a3818f8a9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/21883bff0fd854e07429a773ff18f1e9658f50e8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6be388f4a35d2ce5ef7dbf635a8964a5da7f799f"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-46906",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:02:20.287488Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:40.270Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/hid/usbhid/hid-core.c",
            "include/linux/hid.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c5d3c142f2d57d40c55e65d5622d319125a45366",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "41b1e71a2c57366b08dcca1a28b0d45ca69429ce",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "8c064eece9a51856f3f275104520c7e3017fc5c0",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "0e280502be1b003c3483ae03fc60dea554fcfa82",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "7f5a4b24cdbd7372770a02f23e347d7d9a9ac8f1",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "b1e3596416d74ce95cc0b7b38472329a3818f8a9",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "21883bff0fd854e07429a773ff18f1e9658f50e8",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "6be388f4a35d2ce5ef7dbf635a8964a5da7f799f",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/hid/usbhid/hid-core.c",
            "include/linux/hid.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.12"
            },
            {
              "lessThan": "2.6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.4.*",
              "status": "unaffected",
              "version": "4.4.274",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.9.*",
              "status": "unaffected",
              "version": "4.9.274",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.238",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.196",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.127",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.45",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.12.*",
              "status": "unaffected",
              "version": "5.12.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.4.274",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.9.274",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.238",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.196",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.127",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.45",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.12.12",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.13",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: usbhid: fix info leak in hid_submit_ctrl\n\nIn hid_submit_ctrl(), the way of calculating the report length doesn\u0027t\ntake into account that report-\u003esize can be zero. When running the\nsyzkaller reproducer, a report of size 0 causes hid_submit_ctrl) to\ncalculate transfer_buffer_length as 16384. When this urb is passed to\nthe usb core layer, KMSAN reports an info leak of 16384 bytes.\n\nTo fix this, first modify hid_report_len() to account for the zero\nreport size case by using DIV_ROUND_UP for the division. Then, call it\nfrom hid_submit_ctrl()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T13:44:11.363Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c5d3c142f2d57d40c55e65d5622d319125a45366"
        },
        {
          "url": "https://git.kernel.org/stable/c/41b1e71a2c57366b08dcca1a28b0d45ca69429ce"
        },
        {
          "url": "https://git.kernel.org/stable/c/8c064eece9a51856f3f275104520c7e3017fc5c0"
        },
        {
          "url": "https://git.kernel.org/stable/c/0e280502be1b003c3483ae03fc60dea554fcfa82"
        },
        {
          "url": "https://git.kernel.org/stable/c/7f5a4b24cdbd7372770a02f23e347d7d9a9ac8f1"
        },
        {
          "url": "https://git.kernel.org/stable/c/b1e3596416d74ce95cc0b7b38472329a3818f8a9"
        },
        {
          "url": "https://git.kernel.org/stable/c/21883bff0fd854e07429a773ff18f1e9658f50e8"
        },
        {
          "url": "https://git.kernel.org/stable/c/6be388f4a35d2ce5ef7dbf635a8964a5da7f799f"
        }
      ],
      "title": "HID: usbhid: fix info leak in hid_submit_ctrl",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-46906",
    "datePublished": "2024-02-26T17:20:22.144Z",
    "dateReserved": "2024-02-25T13:45:52.717Z",
    "dateUpdated": "2026-05-11T13:44:11.363Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-46915 (GCVE-0-2021-46915)

Vulnerability from cvelistv5 – Published: 2024-02-27 06:53 – Updated: 2026-05-11 13:44

Title

netfilter: nft_limit: avoid possible divide error in nft_limit_init

Summary

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_limit: avoid possible divide error in nft_limit_init div_u64() divides u64 by u32. nft_limit_init() wants to divide u64 by u64, use the appropriate math function (div64_u64) divide error: 0000 [#1] PREEMPT SMP KASAN CPU: 1 PID: 8390 Comm: syz-executor188 Not tainted 5.12.0-rc4-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:div_u64_rem include/linux/math64.h:28 [inline] RIP: 0010:div_u64 include/linux/math64.h:127 [inline] RIP: 0010:nft_limit_init+0x2a2/0x5e0 net/netfilter/nft_limit.c:85 Code: ef 4c 01 eb 41 0f 92 c7 48 89 de e8 38 a5 22 fa 4d 85 ff 0f 85 97 02 00 00 e8 ea 9e 22 fa 4c 0f af f3 45 89 ed 31 d2 4c 89 f0 <49> f7 f5 49 89 c6 e8 d3 9e 22 fa 48 8d 7d 48 48 b8 00 00 00 00 00 RSP: 0018:ffffc90009447198 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000200000000000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff875152e6 RDI: 0000000000000003 RBP: ffff888020f80908 R08: 0000200000000000 R09: 0000000000000000 R10: ffffffff875152d8 R11: 0000000000000000 R12: ffffc90009447270 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 FS: 000000000097a300(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000200001c4 CR3: 0000000026a52000 CR4: 00000000001506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: nf_tables_newexpr net/netfilter/nf_tables_api.c:2675 [inline] nft_expr_init+0x145/0x2d0 net/netfilter/nf_tables_api.c:2713 nft_set_elem_expr_alloc+0x27/0x280 net/netfilter/nf_tables_api.c:5160 nf_tables_newset+0x1997/0x3150 net/netfilter/nf_tables_api.c:4321 nfnetlink_rcv_batch+0x85a/0x21b0 net/netfilter/nfnetlink.c:456 nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:580 [inline] nfnetlink_rcv+0x3af/0x420 net/netfilter/nfnetlink.c:598 netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline] netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1338 netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1927 sock_sendmsg_nosec net/socket.c:654 [inline] sock_sendmsg+0xcf/0x120 net/socket.c:674 ____sys_sendmsg+0x6e8/0x810 net/socket.c:2350 ___sys_sendmsg+0xf3/0x170 net/socket.c:2404 __sys_sendmsg+0xe5/0x1b0 net/socket.c:2433 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xae

Severity

No CVSS data available.

Assigner

Linux

References

6 references

URL	Tags
https://git.kernel.org/stable/c/9065ccb9ec92c5120…
https://git.kernel.org/stable/c/fadd3c4afdf3d4c21…
https://git.kernel.org/stable/c/01fb1626b620cb37a…
https://git.kernel.org/stable/c/dc1732baa9da5b686…
https://git.kernel.org/stable/c/1bb3ee4259936cc3b…
https://git.kernel.org/stable/c/b895bdf5d643b6feb…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: c26844eda9d4fdbd266660e3b3de2d0270e3a1ed , < 9065ccb9ec92c5120e7e97958397ebdb454f23d6 (git) Affected: c26844eda9d4fdbd266660e3b3de2d0270e3a1ed , < fadd3c4afdf3d4c21f4d138502f8b76334987e26 (git) Affected: c26844eda9d4fdbd266660e3b3de2d0270e3a1ed , < 01fb1626b620cb37a65ad08e0f626489e8f042ef (git) Affected: c26844eda9d4fdbd266660e3b3de2d0270e3a1ed , < dc1732baa9da5b68621586bf8636ebbc27dc62d2 (git) Affected: c26844eda9d4fdbd266660e3b3de2d0270e3a1ed , < 1bb3ee4259936cc3b2d80a4a480bbb4868575071 (git) Affected: c26844eda9d4fdbd266660e3b3de2d0270e3a1ed , < b895bdf5d643b6feb7c60856326dd4feb6981560 (git)
Linux	Linux	Affected: 4.13 Unaffected: 0 , < 4.13 (semver) Unaffected: 4.14.232 , ≤ 4.14.* (semver) Unaffected: 4.19.189 , ≤ 4.19.* (semver) Unaffected: 5.4.114 , ≤ 5.4.* (semver) Unaffected: 5.10.32 , ≤ 5.10.* (semver) Unaffected: 5.11.16 , ≤ 5.11.* (semver) Unaffected: 5.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-46915",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-27T20:05:20.730177Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:22:02.540Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:17:42.988Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9065ccb9ec92c5120e7e97958397ebdb454f23d6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fadd3c4afdf3d4c21f4d138502f8b76334987e26"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/01fb1626b620cb37a65ad08e0f626489e8f042ef"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/dc1732baa9da5b68621586bf8636ebbc27dc62d2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1bb3ee4259936cc3b2d80a4a480bbb4868575071"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b895bdf5d643b6feb7c60856326dd4feb6981560"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/nft_limit.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "9065ccb9ec92c5120e7e97958397ebdb454f23d6",
              "status": "affected",
              "version": "c26844eda9d4fdbd266660e3b3de2d0270e3a1ed",
              "versionType": "git"
            },
            {
              "lessThan": "fadd3c4afdf3d4c21f4d138502f8b76334987e26",
              "status": "affected",
              "version": "c26844eda9d4fdbd266660e3b3de2d0270e3a1ed",
              "versionType": "git"
            },
            {
              "lessThan": "01fb1626b620cb37a65ad08e0f626489e8f042ef",
              "status": "affected",
              "version": "c26844eda9d4fdbd266660e3b3de2d0270e3a1ed",
              "versionType": "git"
            },
            {
              "lessThan": "dc1732baa9da5b68621586bf8636ebbc27dc62d2",
              "status": "affected",
              "version": "c26844eda9d4fdbd266660e3b3de2d0270e3a1ed",
              "versionType": "git"
            },
            {
              "lessThan": "1bb3ee4259936cc3b2d80a4a480bbb4868575071",
              "status": "affected",
              "version": "c26844eda9d4fdbd266660e3b3de2d0270e3a1ed",
              "versionType": "git"
            },
            {
              "lessThan": "b895bdf5d643b6feb7c60856326dd4feb6981560",
              "status": "affected",
              "version": "c26844eda9d4fdbd266660e3b3de2d0270e3a1ed",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/nft_limit.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.13"
            },
            {
              "lessThan": "4.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.232",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.189",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.114",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.32",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.11.*",
              "status": "unaffected",
              "version": "5.11.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.232",
                  "versionStartIncluding": "4.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.189",
                  "versionStartIncluding": "4.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.114",
                  "versionStartIncluding": "4.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.32",
                  "versionStartIncluding": "4.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.11.16",
                  "versionStartIncluding": "4.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.12",
                  "versionStartIncluding": "4.13",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_limit: avoid possible divide error in nft_limit_init\n\ndiv_u64() divides u64 by u32.\n\nnft_limit_init() wants to divide u64 by u64, use the appropriate\nmath function (div64_u64)\n\ndivide error: 0000 [#1] PREEMPT SMP KASAN\nCPU: 1 PID: 8390 Comm: syz-executor188 Not tainted 5.12.0-rc4-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nRIP: 0010:div_u64_rem include/linux/math64.h:28 [inline]\nRIP: 0010:div_u64 include/linux/math64.h:127 [inline]\nRIP: 0010:nft_limit_init+0x2a2/0x5e0 net/netfilter/nft_limit.c:85\nCode: ef 4c 01 eb 41 0f 92 c7 48 89 de e8 38 a5 22 fa 4d 85 ff 0f 85 97 02 00 00 e8 ea 9e 22 fa 4c 0f af f3 45 89 ed 31 d2 4c 89 f0 \u003c49\u003e f7 f5 49 89 c6 e8 d3 9e 22 fa 48 8d 7d 48 48 b8 00 00 00 00 00\nRSP: 0018:ffffc90009447198 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 0000200000000000 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: ffffffff875152e6 RDI: 0000000000000003\nRBP: ffff888020f80908 R08: 0000200000000000 R09: 0000000000000000\nR10: ffffffff875152d8 R11: 0000000000000000 R12: ffffc90009447270\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\nFS:  000000000097a300(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00000000200001c4 CR3: 0000000026a52000 CR4: 00000000001506e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n nf_tables_newexpr net/netfilter/nf_tables_api.c:2675 [inline]\n nft_expr_init+0x145/0x2d0 net/netfilter/nf_tables_api.c:2713\n nft_set_elem_expr_alloc+0x27/0x280 net/netfilter/nf_tables_api.c:5160\n nf_tables_newset+0x1997/0x3150 net/netfilter/nf_tables_api.c:4321\n nfnetlink_rcv_batch+0x85a/0x21b0 net/netfilter/nfnetlink.c:456\n nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:580 [inline]\n nfnetlink_rcv+0x3af/0x420 net/netfilter/nfnetlink.c:598\n netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline]\n netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1338\n netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1927\n sock_sendmsg_nosec net/socket.c:654 [inline]\n sock_sendmsg+0xcf/0x120 net/socket.c:674\n ____sys_sendmsg+0x6e8/0x810 net/socket.c:2350\n ___sys_sendmsg+0xf3/0x170 net/socket.c:2404\n __sys_sendmsg+0xe5/0x1b0 net/socket.c:2433\n do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46\n entry_SYSCALL_64_after_hwframe+0x44/0xae"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T13:44:21.141Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/9065ccb9ec92c5120e7e97958397ebdb454f23d6"
        },
        {
          "url": "https://git.kernel.org/stable/c/fadd3c4afdf3d4c21f4d138502f8b76334987e26"
        },
        {
          "url": "https://git.kernel.org/stable/c/01fb1626b620cb37a65ad08e0f626489e8f042ef"
        },
        {
          "url": "https://git.kernel.org/stable/c/dc1732baa9da5b68621586bf8636ebbc27dc62d2"
        },
        {
          "url": "https://git.kernel.org/stable/c/1bb3ee4259936cc3b2d80a4a480bbb4868575071"
        },
        {
          "url": "https://git.kernel.org/stable/c/b895bdf5d643b6feb7c60856326dd4feb6981560"
        }
      ],
      "title": "netfilter: nft_limit: avoid possible divide error in nft_limit_init",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-46915",
    "datePublished": "2024-02-27T06:53:54.148Z",
    "dateReserved": "2024-02-25T13:45:52.718Z",
    "dateUpdated": "2026-05-11T13:44:21.141Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-46921 (GCVE-0-2021-46921)

Vulnerability from cvelistv5 – Published: 2024-02-27 09:36 – Updated: 2026-05-11 13:44

Title

locking/qrwlock: Fix ordering in queued_write_lock_slowpath()

Summary

In the Linux kernel, the following vulnerability has been resolved: locking/qrwlock: Fix ordering in queued_write_lock_slowpath() While this code is executed with the wait_lock held, a reader can acquire the lock without holding wait_lock. The writer side loops checking the value with the atomic_cond_read_acquire(), but only truly acquires the lock when the compare-and-exchange is completed successfully which isn’t ordered. This exposes the window between the acquire and the cmpxchg to an A-B-A problem which allows reads following the lock acquisition to observe values speculatively before the write lock is truly acquired. We've seen a problem in epoll where the reader does a xchg while holding the read lock, but the writer can see a value change out from under it. Writer | Reader -------------------------------------------------------------------------------- ep_scan_ready_list() | |- write_lock_irq() | |- queued_write_lock_slowpath() | |- atomic_cond_read_acquire() | | read_lock_irqsave(&ep->lock, flags); --> (observes value before unlock) | chain_epi_lockless() | | epi->next = xchg(&ep->ovflist, epi); | | read_unlock_irqrestore(&ep->lock, flags); | | | atomic_cmpxchg_relaxed() | |-- READ_ONCE(ep->ovflist); | A core can order the read of the ovflist ahead of the atomic_cmpxchg_relaxed(). Switching the cmpxchg to use acquire semantics addresses this issue at which point the atomic_cond_read can be switched to use relaxed semantics. [peterz: use try_cmpxchg()]

Severity

No CVSS data available.

Assigner

Linux

References

5 references

URL	Tags
https://git.kernel.org/stable/c/5902f9453a313be8f…
https://git.kernel.org/stable/c/82808cc026811fbc3…
https://git.kernel.org/stable/c/82fa9ced35d88581c…
https://git.kernel.org/stable/c/d558fcdb171397283…
https://git.kernel.org/stable/c/84a24bf8c52e66b7a…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: b519b56e378ee82caf9b079b04f5db87dedc3251 , < 5902f9453a313be8fe78cbd7e7ca9dba9319fc6e (git) Affected: b519b56e378ee82caf9b079b04f5db87dedc3251 , < 82808cc026811fbc3ecf0c0b267a12a339eead56 (git) Affected: b519b56e378ee82caf9b079b04f5db87dedc3251 , < 82fa9ced35d88581cffa4a1c856fc41fca96d80a (git) Affected: b519b56e378ee82caf9b079b04f5db87dedc3251 , < d558fcdb17139728347bccc60a16af3e639649d2 (git) Affected: b519b56e378ee82caf9b079b04f5db87dedc3251 , < 84a24bf8c52e66b7ac89ada5e3cfbe72d65c1896 (git)
Linux	Linux	Affected: 4.15 Unaffected: 0 , < 4.15 (semver) Unaffected: 4.19.189 , ≤ 4.19.* (semver) Unaffected: 5.4.115 , ≤ 5.4.* (semver) Unaffected: 5.10.33 , ≤ 5.10.* (semver) Unaffected: 5.11.17 , ≤ 5.11.* (semver) Unaffected: 5.12 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-46921",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-27T16:11:46.310286Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:22:01.427Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:17:42.848Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5902f9453a313be8fe78cbd7e7ca9dba9319fc6e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/82808cc026811fbc3ecf0c0b267a12a339eead56"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/82fa9ced35d88581cffa4a1c856fc41fca96d80a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d558fcdb17139728347bccc60a16af3e639649d2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/84a24bf8c52e66b7ac89ada5e3cfbe72d65c1896"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "kernel/locking/qrwlock.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "5902f9453a313be8fe78cbd7e7ca9dba9319fc6e",
              "status": "affected",
              "version": "b519b56e378ee82caf9b079b04f5db87dedc3251",
              "versionType": "git"
            },
            {
              "lessThan": "82808cc026811fbc3ecf0c0b267a12a339eead56",
              "status": "affected",
              "version": "b519b56e378ee82caf9b079b04f5db87dedc3251",
              "versionType": "git"
            },
            {
              "lessThan": "82fa9ced35d88581cffa4a1c856fc41fca96d80a",
              "status": "affected",
              "version": "b519b56e378ee82caf9b079b04f5db87dedc3251",
              "versionType": "git"
            },
            {
              "lessThan": "d558fcdb17139728347bccc60a16af3e639649d2",
              "status": "affected",
              "version": "b519b56e378ee82caf9b079b04f5db87dedc3251",
              "versionType": "git"
            },
            {
              "lessThan": "84a24bf8c52e66b7ac89ada5e3cfbe72d65c1896",
              "status": "affected",
              "version": "b519b56e378ee82caf9b079b04f5db87dedc3251",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "kernel/locking/qrwlock.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.15"
            },
            {
              "lessThan": "4.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.189",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.115",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.11.*",
              "status": "unaffected",
              "version": "5.11.17",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.189",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.115",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.33",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.11.17",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.12",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlocking/qrwlock: Fix ordering in queued_write_lock_slowpath()\n\nWhile this code is executed with the wait_lock held, a reader can\nacquire the lock without holding wait_lock.  The writer side loops\nchecking the value with the atomic_cond_read_acquire(), but only truly\nacquires the lock when the compare-and-exchange is completed\nsuccessfully which isn\u2019t ordered. This exposes the window between the\nacquire and the cmpxchg to an A-B-A problem which allows reads\nfollowing the lock acquisition to observe values speculatively before\nthe write lock is truly acquired.\n\nWe\u0027ve seen a problem in epoll where the reader does a xchg while\nholding the read lock, but the writer can see a value change out from\nunder it.\n\n  Writer                                | Reader\n  --------------------------------------------------------------------------------\n  ep_scan_ready_list()                  |\n  |- write_lock_irq()                   |\n      |- queued_write_lock_slowpath()   |\n\t|- atomic_cond_read_acquire()   |\n\t\t\t\t        | read_lock_irqsave(\u0026ep-\u003elock, flags);\n     --\u003e (observes value before unlock) |  chain_epi_lockless()\n     |                                  |    epi-\u003enext = xchg(\u0026ep-\u003eovflist, epi);\n     |                                  | read_unlock_irqrestore(\u0026ep-\u003elock, flags);\n     |                                  |\n     |     atomic_cmpxchg_relaxed()     |\n     |-- READ_ONCE(ep-\u003eovflist);        |\n\nA core can order the read of the ovflist ahead of the\natomic_cmpxchg_relaxed(). Switching the cmpxchg to use acquire\nsemantics addresses this issue at which point the atomic_cond_read can\nbe switched to use relaxed semantics.\n\n[peterz: use try_cmpxchg()]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T13:44:28.461Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/5902f9453a313be8fe78cbd7e7ca9dba9319fc6e"
        },
        {
          "url": "https://git.kernel.org/stable/c/82808cc026811fbc3ecf0c0b267a12a339eead56"
        },
        {
          "url": "https://git.kernel.org/stable/c/82fa9ced35d88581cffa4a1c856fc41fca96d80a"
        },
        {
          "url": "https://git.kernel.org/stable/c/d558fcdb17139728347bccc60a16af3e639649d2"
        },
        {
          "url": "https://git.kernel.org/stable/c/84a24bf8c52e66b7ac89ada5e3cfbe72d65c1896"
        }
      ],
      "title": "locking/qrwlock: Fix ordering in queued_write_lock_slowpath()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-46921",
    "datePublished": "2024-02-27T09:36:26.461Z",
    "dateReserved": "2024-02-25T13:45:52.719Z",
    "dateUpdated": "2026-05-11T13:44:28.461Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-46923 (GCVE-0-2021-46923)

Vulnerability from cvelistv5 – Published: 2024-02-27 09:43 – Updated: 2026-05-11 13:44

Title

fs/mount_setattr: always cleanup mount_kattr

Summary

In the Linux kernel, the following vulnerability has been resolved: fs/mount_setattr: always cleanup mount_kattr Make sure that finish_mount_kattr() is called after mount_kattr was succesfully built in both the success and failure case to prevent leaking any references we took when we built it. We returned early if path lookup failed thereby risking to leak an additional reference we took when building mount_kattr when an idmapped mount was requested.

Severity

No CVSS data available.

Assigner

Linux

References

2 references

URL	Tags
https://git.kernel.org/stable/c/47b5d0a7532d39e42…
https://git.kernel.org/stable/c/012e332286e2bb9f6…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 9caccd41541a6f7d6279928d9f971f6642c361af , < 47b5d0a7532d39e42a938f81e3904268145c341d (git) Affected: 9caccd41541a6f7d6279928d9f971f6642c361af , < 012e332286e2bb9f6ac77d195f17e74b2963d663 (git)
Linux	Linux	Affected: 5.12 Unaffected: 0 , < 5.12 (semver) Unaffected: 5.15.13 , ≤ 5.15.* (semver) Unaffected: 5.16 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-46923",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-05T16:15:38.368509Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:22:08.089Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:17:43.009Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/47b5d0a7532d39e42a938f81e3904268145c341d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/012e332286e2bb9f6ac77d195f17e74b2963d663"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/namespace.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "47b5d0a7532d39e42a938f81e3904268145c341d",
              "status": "affected",
              "version": "9caccd41541a6f7d6279928d9f971f6642c361af",
              "versionType": "git"
            },
            {
              "lessThan": "012e332286e2bb9f6ac77d195f17e74b2963d663",
              "status": "affected",
              "version": "9caccd41541a6f7d6279928d9f971f6642c361af",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/namespace.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.12"
            },
            {
              "lessThan": "5.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.13",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.16",
                  "versionStartIncluding": "5.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/mount_setattr: always cleanup mount_kattr\n\nMake sure that finish_mount_kattr() is called after mount_kattr was\nsuccesfully built in both the success and failure case to prevent\nleaking any references we took when we built it.  We returned early if\npath lookup failed thereby risking to leak an additional reference we\ntook when building mount_kattr when an idmapped mount was requested."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T13:44:30.800Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/47b5d0a7532d39e42a938f81e3904268145c341d"
        },
        {
          "url": "https://git.kernel.org/stable/c/012e332286e2bb9f6ac77d195f17e74b2963d663"
        }
      ],
      "title": "fs/mount_setattr: always cleanup mount_kattr",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-46923",
    "datePublished": "2024-02-27T09:43:54.159Z",
    "dateReserved": "2024-02-25T13:45:52.719Z",
    "dateUpdated": "2026-05-11T13:44:30.800Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CERTFR-2024-AVI-0265

Solution

CVE-2019-25162 (GCVE-0-2019-25162)

CVE-2020-36777 (GCVE-0-2020-36777)

CVE-2020-36784 (GCVE-0-2020-36784)

CVE-2021-33200 (GCVE-0-2021-33200)

CVE-2021-46904 (GCVE-0-2021-46904)

CVE-2021-46905 (GCVE-0-2021-46905)

CVE-2021-46906 (GCVE-0-2021-46906)

CVE-2021-46915 (GCVE-0-2021-46915)

CVE-2021-46921 (GCVE-0-2021-46921)

CVE-2021-46923 (GCVE-0-2021-46923)

Tags

Sightings

Nomenclature