cve-2021-46969
Vulnerability from cvelistv5
Published
2024-02-27 18:47
Modified
2024-09-11 17:33
Severity
Summary
bus: mhi: core: Fix invalid error returning in mhi_queue
References
SourceURLTags
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/0ecc1c70dcd32c0f081b173a1a5d89952686f271
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/a99b661c3187365f81026d89b1133a76cd2652b3
Impacted products
VendorProduct
LinuxLinux
LinuxLinux
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:17:42.873Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a99b661c3187365f81026d89b1133a76cd2652b3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0ecc1c70dcd32c0f081b173a1a5d89952686f271"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-46969",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:01:28.491057Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:45.299Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/bus/mhi/core/main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a99b661c3187",
              "status": "affected",
              "version": "a8f75cb348fd",
              "versionType": "git"
            },
            {
              "lessThan": "0ecc1c70dcd3",
              "status": "affected",
              "version": "a8f75cb348fd",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/bus/mhi/core/main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.12"
            },
            {
              "lessThan": "5.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "5.12.*",
              "status": "unaffected",
              "version": "5.12.3",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: mhi: core: Fix invalid error returning in mhi_queue\n\nmhi_queue returns an error when the doorbell is not accessible in\nthe current state. This can happen when the device is in non M0\nstate, like M3, and needs to be waken-up prior ringing the DB. This\ncase is managed earlier by triggering an asynchronous M3 exit via\ncontroller resume/suspend callbacks, that in turn will cause M0\ntransition and DB update.\n\nSo, since it\u0027s not an error but just delaying of doorbell update, there\nis no reason to return an error.\n\nThis also fixes a use after free error for skb case, indeed a caller\nqueuing skb will try to free the skb if the queueing fails, but in\nthat case queueing has been done."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-29T04:59:43.971Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a99b661c3187365f81026d89b1133a76cd2652b3"
        },
        {
          "url": "https://git.kernel.org/stable/c/0ecc1c70dcd32c0f081b173a1a5d89952686f271"
        }
      ],
      "title": "bus: mhi: core: Fix invalid error returning in mhi_queue",
      "x_generator": {
        "engine": "bippy-a5840b7849dd"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-46969",
    "datePublished": "2024-02-27T18:47:05.463Z",
    "dateReserved": "2024-02-27T18:42:55.943Z",
    "dateUpdated": "2024-09-11T17:33:45.299Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-46969\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-02-27T19:04:07.260\",\"lastModified\":\"2024-02-28T14:06:45.783\",\"vulnStatus\":\"Awaiting Analysis\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nbus: mhi: core: Fix invalid error returning in mhi_queue\\n\\nmhi_queue returns an error when the doorbell is not accessible in\\nthe current state. This can happen when the device is in non M0\\nstate, like M3, and needs to be waken-up prior ringing the DB. This\\ncase is managed earlier by triggering an asynchronous M3 exit via\\ncontroller resume/suspend callbacks, that in turn will cause M0\\ntransition and DB update.\\n\\nSo, since it\u0027s not an error but just delaying of doorbell update, there\\nis no reason to return an error.\\n\\nThis also fixes a use after free error for skb case, indeed a caller\\nqueuing skb will try to free the skb if the queueing fails, but in\\nthat case queueing has been done.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: bus: mhi: core: corrige el error no v\u00e1lido que regresa en mhi_queue mhi_queue devuelve un error cuando no se puede acceder al timbre en el estado actual. Esto puede suceder cuando el dispositivo no est\u00e1 en un estado M0, como M3, y es necesario activarlo antes de llamar a la base de datos. Este caso se gestiona anteriormente activando una salida asincr\u00f3nica de M3 a trav\u00e9s de devoluciones de llamada de reanudaci\u00f3n/suspensi\u00f3n del controlador, que a su vez provocar\u00e1 la transici\u00f3n de M0 y la actualizaci\u00f3n de la base de datos. Entonces, dado que no es un error sino simplemente un retraso en la actualizaci\u00f3n del timbre, no hay raz\u00f3n para devolver un error. Esto tambi\u00e9n corrige un error de uso despu\u00e9s de la liberaci\u00f3n para el caso de skb; de hecho, una persona que llama al skb en cola intentar\u00e1 liberar el skb si la cola falla, pero en ese caso la cola ya se realiz\u00f3.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/0ecc1c70dcd32c0f081b173a1a5d89952686f271\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/a99b661c3187365f81026d89b1133a76cd2652b3\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.