cve-2021-46916
Vulnerability from cvelistv5
Published
2024-02-27 06:53
Modified
2024-11-04 11:55
Severity ?
Summary
ixgbe: Fix NULL pointer dereference in ethtool loopback test
Impacted products
LinuxLinux
LinuxLinux
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:17:42.887Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/758d19098df4b0bbca9f40d6ae6c82c9c18b9bba"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/31166efb1cee348eb6314e9c0095d84cbeb66b9d"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-46916",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:02:07.223543Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:31.253Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/intel/ixgbe/ixgbe_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "758d19098df4",
              "status": "affected",
              "version": "b02e5a0ebb17",
              "versionType": "git"
            },
            {
              "lessThan": "31166efb1cee",
              "status": "affected",
              "version": "b02e5a0ebb17",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/intel/ixgbe/ixgbe_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.11"
            },
            {
              "lessThan": "5.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.11.*",
              "status": "unaffected",
              "version": "5.11.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nixgbe: Fix NULL pointer dereference in ethtool loopback test\n\nThe ixgbe driver currently generates a NULL pointer dereference when\nperforming the ethtool loopback test. This is due to the fact that there\nisn\u0027t a q_vector associated with the test ring when it is setup as\ninterrupts are not normally added to the test rings.\n\nTo address this I have added code that will check for a q_vector before\nreturning a napi_id value. If a q_vector is not present it will return a\nvalue of 0."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-04T11:55:49.231Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/758d19098df4b0bbca9f40d6ae6c82c9c18b9bba"
        },
        {
          "url": "https://git.kernel.org/stable/c/31166efb1cee348eb6314e9c0095d84cbeb66b9d"
        }
      ],
      "title": "ixgbe: Fix NULL pointer dereference in ethtool loopback test",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-46916",
    "datePublished": "2024-02-27T06:53:54.775Z",
    "dateReserved": "2024-02-25T13:45:52.719Z",
    "dateUpdated": "2024-11-04T11:55:49.231Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-46916\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-02-27T07:15:08.250\",\"lastModified\":\"2024-04-10T14:24:11.963\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nixgbe: Fix NULL pointer dereference in ethtool loopback test\\n\\nThe ixgbe driver currently generates a NULL pointer dereference when\\nperforming the ethtool loopback test. This is due to the fact that there\\nisn\u0027t a q_vector associated with the test ring when it is setup as\\ninterrupts are not normally added to the test rings.\\n\\nTo address this I have added code that will check for a q_vector before\\nreturning a napi_id value. If a q_vector is not present it will return a\\nvalue of 0.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ixgbe: corrige la desreferencia de puntero NULL en la prueba de bucle invertido de ethtool. El controlador ixgbe actualmente genera una desreferencia de puntero NULL cuando se realiza la prueba de bucle invertido de ethtool. Esto se debe al hecho de que no hay un q_vector asociado con el anillo de prueba cuando se configura, ya que normalmente no se agregan interrupciones a los anillos de prueba. Para solucionar esto, agregu\u00e9 un c\u00f3digo que verificar\u00e1 si hay un q_vector antes de devolver un valor de napi_id. Si un q_vector no est\u00e1 presente, devolver\u00e1 un valor de 0.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11.0\",\"versionEndExcluding\":\"5.11.16\",\"matchCriteriaId\":\"3C5242B9-B5BD-4578-AD66-69DF59D54A14\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/31166efb1cee348eb6314e9c0095d84cbeb66b9d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/758d19098df4b0bbca9f40d6ae6c82c9c18b9bba\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.