Action not permitted
Modal body text goes here.
wid-sec-w-2024-0500
Vulnerability from csaf_certbund
Published
2024-02-27 23:00
Modified
2024-06-11 22:00
Summary
Linux Kernel: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Der Kernel stellt den Kern des Linux Betriebssystems dar.
Angriff
Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen nicht n\u00e4her spezifizierten Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0500 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0500.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0500 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0500"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
"url": "http://lore.kernel.org/linux-cve-announce/2024022715-CVE-2021-46954-b856@gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
"url": "http://lore.kernel.org/linux-cve-announce/20240227184057.2368370-10-gregkh@linuxfoundation.org/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
"url": "http://lore.kernel.org/linux-cve-announce/20240227184057.2368370-7-gregkh@linuxfoundation.org/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
"url": "http://lore.kernel.org/linux-cve-announce/20240227184057.2368370-8-gregkh@linuxfoundation.org/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
"url": "http://lore.kernel.org/linux-cve-announce/20240227184057.2368370-9-gregkh@linuxfoundation.org/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
"url": "http://lore.kernel.org/linux-cve-announce/2024022718-CVE-2021-46955-b50b@gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
"url": "http://lore.kernel.org/linux-cve-announce/2024022718-CVE-2021-46956-df60@gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
"url": "http://lore.kernel.org/linux-cve-announce/2024022718-CVE-2021-46957-90af@gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
"url": "http://lore.kernel.org/linux-cve-announce/2024022718-CVE-2021-46958-53ff@gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
"url": "http://lore.kernel.org/linux-cve-announce/2024022718-CVE-2021-46960-f5ac@gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
"url": "http://lore.kernel.org/linux-cve-announce/2024022719-CVE-2021-46961-6212@gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
"url": "http://lore.kernel.org/linux-cve-announce/2024022719-CVE-2021-46962-e081@gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
"url": "http://lore.kernel.org/linux-cve-announce/2024022719-CVE-2021-46963-32a8@gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
"url": "http://lore.kernel.org/linux-cve-announce/2024022719-CVE-2021-46964-da8c@gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
"url": "http://lore.kernel.org/linux-cve-announce/2024022719-CVE-2021-46965-3b74@gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
"url": "http://lore.kernel.org/linux-cve-announce/2024022720-CVE-2021-46966-1469@gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
"url": "http://lore.kernel.org/linux-cve-announce/2024022720-CVE-2021-46967-c991@gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
"url": "http://lore.kernel.org/linux-cve-announce/2024022720-CVE-2021-46968-8c71@gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
"url": "http://lore.kernel.org/linux-cve-announce/2024022720-CVE-2021-46969-3263@gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
"url": "http://lore.kernel.org/linux-cve-announce/2024022720-CVE-2021-46970-de08@gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
"url": "http://lore.kernel.org/linux-cve-announce/2024022721-CVE-2021-46971-9534@gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
"url": "http://lore.kernel.org/linux-cve-announce/2024022721-CVE-2021-46972-2ec2@gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
"url": "http://lore.kernel.org/linux-cve-announce/2024022721-CVE-2021-46973-20ce@gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
"url": "http://lore.kernel.org/linux-cve-announce/2024022721-CVE-2021-46974-0852@gregkh/"
},
{
"category": "external",
"summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
"url": "http://lore.kernel.org/linux-cve-announce/2024022721-CVE-2021-46975-248d@gregkh/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0857-1 vom 2024-03-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018154.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0856-1 vom 2024-03-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018155.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0926-1 vom 2024-03-22",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018204.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0925-1 vom 2024-03-22",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018205.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0976-1 vom 2024-03-22",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018185.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0975-1 vom 2024-03-22",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018186.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6739-1 vom 2024-04-19",
"url": "https://ubuntu.com/security/notices/USN-6739-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1454-1 vom 2024-04-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018431.html"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2024-198 vom 2024-05-08",
"url": "https://www.dell.com/support/kbdoc/000224827/dsa-2024-="
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1642-1 vom 2024-05-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018530.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1643-1 vom 2024-05-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018529.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1645-1 vom 2024-05-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018527.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1648-1 vom 2024-05-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018524.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1646-1 vom 2024-05-14",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018526.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1650-1 vom 2024-05-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018533.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1648-2 vom 2024-05-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018572.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1870-1 vom 2024-05-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018634.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1983-1 vom 2024-06-11",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018700.html"
}
],
"source_lang": "en-US",
"title": "Linux Kernel: Mehrere Schwachstellen erm\u00f6glichen nicht spezifizierten Angriff",
"tracking": {
"current_release_date": "2024-06-11T22:00:00.000+00:00",
"generator": {
"date": "2024-06-12T08:09:46.571+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.0"
}
},
"id": "WID-SEC-W-2024-0500",
"initial_release_date": "2024-02-27T23:00:00.000+00:00",
"revision_history": [
{
"date": "2024-02-27T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-03-12T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-03-24T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-04-21T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-04-28T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-05-07T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2024-05-14T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-05-21T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-05-30T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-06-11T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von SUSE aufgenommen"
}
],
"status": "final",
"version": "10"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "virtual",
"product": {
"name": "Dell NetWorker virtual",
"product_id": "T034583",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:virtual"
}
}
}
],
"category": "product_name",
"name": "NetWorker"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "EMC Avamar",
"product": {
"name": "EMC Avamar",
"product_id": "T014381",
"product_identification_helper": {
"cpe": "cpe:/a:emc:avamar:-"
}
}
}
],
"category": "vendor",
"name": "EMC"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c5.13",
"product": {
"name": "Open Source Linux Kernel \u003c5.13",
"product_id": "T033114",
"product_identification_helper": {
"cpe": "cpe:/o:linux:linux_kernel:5.13"
}
}
}
],
"category": "product_name",
"name": "Linux Kernel"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-46942",
"notes": [
{
"category": "description",
"text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T014381",
"T002207",
"T000126",
"T034583"
]
},
"release_date": "2024-02-27T23:00:00Z",
"title": "CVE-2021-46942"
},
{
"cve": "CVE-2021-46943",
"notes": [
{
"category": "description",
"text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T014381",
"T002207",
"T000126",
"T034583"
]
},
"release_date": "2024-02-27T23:00:00Z",
"title": "CVE-2021-46943"
},
{
"cve": "CVE-2021-46944",
"notes": [
{
"category": "description",
"text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T014381",
"T002207",
"T000126",
"T034583"
]
},
"release_date": "2024-02-27T23:00:00Z",
"title": "CVE-2021-46944"
},
{
"cve": "CVE-2021-46945",
"notes": [
{
"category": "description",
"text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T014381",
"T002207",
"T000126",
"T034583"
]
},
"release_date": "2024-02-27T23:00:00Z",
"title": "CVE-2021-46945"
},
{
"cve": "CVE-2021-46954",
"notes": [
{
"category": "description",
"text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T014381",
"T002207",
"T000126",
"T034583"
]
},
"release_date": "2024-02-27T23:00:00Z",
"title": "CVE-2021-46954"
},
{
"cve": "CVE-2021-46955",
"notes": [
{
"category": "description",
"text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T014381",
"T002207",
"T000126",
"T034583"
]
},
"release_date": "2024-02-27T23:00:00Z",
"title": "CVE-2021-46955"
},
{
"cve": "CVE-2021-46956",
"notes": [
{
"category": "description",
"text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T014381",
"T002207",
"T000126",
"T034583"
]
},
"release_date": "2024-02-27T23:00:00Z",
"title": "CVE-2021-46956"
},
{
"cve": "CVE-2021-46957",
"notes": [
{
"category": "description",
"text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T014381",
"T002207",
"T000126",
"T034583"
]
},
"release_date": "2024-02-27T23:00:00Z",
"title": "CVE-2021-46957"
},
{
"cve": "CVE-2021-46958",
"notes": [
{
"category": "description",
"text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T014381",
"T002207",
"T000126",
"T034583"
]
},
"release_date": "2024-02-27T23:00:00Z",
"title": "CVE-2021-46958"
},
{
"cve": "CVE-2021-46960",
"notes": [
{
"category": "description",
"text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T014381",
"T002207",
"T000126",
"T034583"
]
},
"release_date": "2024-02-27T23:00:00Z",
"title": "CVE-2021-46960"
},
{
"cve": "CVE-2021-46961",
"notes": [
{
"category": "description",
"text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T014381",
"T002207",
"T000126",
"T034583"
]
},
"release_date": "2024-02-27T23:00:00Z",
"title": "CVE-2021-46961"
},
{
"cve": "CVE-2021-46962",
"notes": [
{
"category": "description",
"text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T014381",
"T002207",
"T000126",
"T034583"
]
},
"release_date": "2024-02-27T23:00:00Z",
"title": "CVE-2021-46962"
},
{
"cve": "CVE-2021-46963",
"notes": [
{
"category": "description",
"text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T014381",
"T002207",
"T000126",
"T034583"
]
},
"release_date": "2024-02-27T23:00:00Z",
"title": "CVE-2021-46963"
},
{
"cve": "CVE-2021-46964",
"notes": [
{
"category": "description",
"text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T014381",
"T002207",
"T000126",
"T034583"
]
},
"release_date": "2024-02-27T23:00:00Z",
"title": "CVE-2021-46964"
},
{
"cve": "CVE-2021-46965",
"notes": [
{
"category": "description",
"text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T014381",
"T002207",
"T000126",
"T034583"
]
},
"release_date": "2024-02-27T23:00:00Z",
"title": "CVE-2021-46965"
},
{
"cve": "CVE-2021-46966",
"notes": [
{
"category": "description",
"text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T014381",
"T002207",
"T000126",
"T034583"
]
},
"release_date": "2024-02-27T23:00:00Z",
"title": "CVE-2021-46966"
},
{
"cve": "CVE-2021-46967",
"notes": [
{
"category": "description",
"text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T014381",
"T002207",
"T000126",
"T034583"
]
},
"release_date": "2024-02-27T23:00:00Z",
"title": "CVE-2021-46967"
},
{
"cve": "CVE-2021-46968",
"notes": [
{
"category": "description",
"text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T014381",
"T002207",
"T000126",
"T034583"
]
},
"release_date": "2024-02-27T23:00:00Z",
"title": "CVE-2021-46968"
},
{
"cve": "CVE-2021-46969",
"notes": [
{
"category": "description",
"text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T014381",
"T002207",
"T000126",
"T034583"
]
},
"release_date": "2024-02-27T23:00:00Z",
"title": "CVE-2021-46969"
},
{
"cve": "CVE-2021-46970",
"notes": [
{
"category": "description",
"text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T014381",
"T002207",
"T000126",
"T034583"
]
},
"release_date": "2024-02-27T23:00:00Z",
"title": "CVE-2021-46970"
},
{
"cve": "CVE-2021-46971",
"notes": [
{
"category": "description",
"text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T014381",
"T002207",
"T000126",
"T034583"
]
},
"release_date": "2024-02-27T23:00:00Z",
"title": "CVE-2021-46971"
},
{
"cve": "CVE-2021-46972",
"notes": [
{
"category": "description",
"text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T014381",
"T002207",
"T000126",
"T034583"
]
},
"release_date": "2024-02-27T23:00:00Z",
"title": "CVE-2021-46972"
},
{
"cve": "CVE-2021-46973",
"notes": [
{
"category": "description",
"text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T014381",
"T002207",
"T000126",
"T034583"
]
},
"release_date": "2024-02-27T23:00:00Z",
"title": "CVE-2021-46973"
},
{
"cve": "CVE-2021-46974",
"notes": [
{
"category": "description",
"text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T014381",
"T002207",
"T000126",
"T034583"
]
},
"release_date": "2024-02-27T23:00:00Z",
"title": "CVE-2021-46974"
},
{
"cve": "CVE-2021-46975",
"notes": [
{
"category": "description",
"text": "Im Linux-Kernel bestehen mehrere Schwachstellen. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie ext4, media oder virtiofs, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie use-after-free, out-of-bounds read, race condition und anderen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T014381",
"T002207",
"T000126",
"T034583"
]
},
"release_date": "2024-02-27T23:00:00Z",
"title": "CVE-2021-46975"
}
]
}
cve-2021-46973
Vulnerability from cvelistv5
Published
2024-02-27 18:47
Modified
2024-11-04 11:56
Severity ?
EPSS score ?
Summary
net: qrtr: Avoid potential use after free in MHI send
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "48ec949ac979",
"status": "affected",
"version": "6e728f321393",
"versionType": "git"
},
{
"lessThan": "ea474054c2cc",
"status": "affected",
"version": "6e728f321393",
"versionType": "git"
},
{
"lessThanOrEqual": "03c649dee8b1",
"status": "affected",
"version": "6e728f321393",
"versionType": "git"
},
{
"lessThan": "47a017f33943",
"status": "affected",
"version": "6e728f321393",
"versionType": "git"
},
{
"status": "affected",
"version": "5.8"
},
{
"lessThan": "5.8",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.11",
"status": "unaffected",
"version": "5.10.35",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.12",
"status": "unaffected",
"version": "5.11.19",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.13",
"status": "unaffected",
"version": "5.12.2",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-46973",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-28T18:49:05.463431Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-25T15:54:16.377Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.894Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/48ec949ac979b4b42d740f67b6177797af834f80"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ea474054c2cc6e1284604b21361f475c7cc8c0a0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/03c649dee8b1eb5600212a249542a70f47a5ab40"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/47a017f33943278570c072bc71681809b2567b3a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/qrtr/mhi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "48ec949ac979",
"status": "affected",
"version": "6e728f321393",
"versionType": "git"
},
{
"lessThan": "ea474054c2cc",
"status": "affected",
"version": "6e728f321393",
"versionType": "git"
},
{
"lessThan": "03c649dee8b1",
"status": "affected",
"version": "6e728f321393",
"versionType": "git"
},
{
"lessThan": "47a017f33943",
"status": "affected",
"version": "6e728f321393",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/qrtr/mhi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.8"
},
{
"lessThan": "5.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.35",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.11.*",
"status": "unaffected",
"version": "5.11.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: qrtr: Avoid potential use after free in MHI send\n\nIt is possible that the MHI ul_callback will be invoked immediately\nfollowing the queueing of the skb for transmission, leading to the\ncallback decrementing the refcount of the associated sk and freeing the\nskb.\n\nAs such the dereference of skb and the increment of the sk refcount must\nhappen before the skb is queued, to avoid the skb to be used after free\nand potentially the sk to drop its last refcount.."
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T11:56:56.833Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/48ec949ac979b4b42d740f67b6177797af834f80"
},
{
"url": "https://git.kernel.org/stable/c/ea474054c2cc6e1284604b21361f475c7cc8c0a0"
},
{
"url": "https://git.kernel.org/stable/c/03c649dee8b1eb5600212a249542a70f47a5ab40"
},
{
"url": "https://git.kernel.org/stable/c/47a017f33943278570c072bc71681809b2567b3a"
}
],
"title": "net: qrtr: Avoid potential use after free in MHI send",
"x_generator": {
"engine": "bippy-9e1c9544281a"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-46973",
"datePublished": "2024-02-27T18:47:07.880Z",
"dateReserved": "2024-02-27T18:42:55.944Z",
"dateUpdated": "2024-11-04T11:56:56.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-46958
Vulnerability from cvelistv5
Published
2024-02-27 18:46
Modified
2024-11-04 11:56
Severity ?
EPSS score ?
Summary
btrfs: fix race between transaction aborts and fsyncs leading to use-after-free
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a4794be7b00b7eda4b45fffd283ab7d76df7e5d6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/633f7f216663587f17601eaa1cf2ac3d5654874c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e2da98788369bfba1138bada72765c47989a4338"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/061dde8245356d8864d29e25207aa4daa0be4d3c"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-46958",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-15T19:27:46.078537Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T19:28:05.836Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/btrfs/transaction.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a4794be7b00b",
"status": "affected",
"version": "ef67963dac25",
"versionType": "git"
},
{
"lessThan": "633f7f216663",
"status": "affected",
"version": "ef67963dac25",
"versionType": "git"
},
{
"lessThan": "e2da98788369",
"status": "affected",
"version": "ef67963dac25",
"versionType": "git"
},
{
"lessThan": "061dde824535",
"status": "affected",
"version": "ef67963dac25",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/btrfs/transaction.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.7"
},
{
"lessThan": "5.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.36",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.11.*",
"status": "unaffected",
"version": "5.11.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix race between transaction aborts and fsyncs leading to use-after-free\n\nThere is a race between a task aborting a transaction during a commit,\na task doing an fsync and the transaction kthread, which leads to an\nuse-after-free of the log root tree. When this happens, it results in a\nstack trace like the following:\n\n BTRFS info (device dm-0): forced readonly\n BTRFS warning (device dm-0): Skipping commit of aborted transaction.\n BTRFS: error (device dm-0) in cleanup_transaction:1958: errno=-5 IO failure\n BTRFS warning (device dm-0): lost page write due to IO error on /dev/mapper/error-test (-5)\n BTRFS warning (device dm-0): Skipping commit of aborted transaction.\n BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0xa4e8 len 4096 err no 10\n BTRFS error (device dm-0): error writing primary super block to device 1\n BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e000 len 4096 err no 10\n BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e008 len 4096 err no 10\n BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e010 len 4096 err no 10\n BTRFS: error (device dm-0) in write_all_supers:4110: errno=-5 IO failure (1 errors while writing supers)\n BTRFS: error (device dm-0) in btrfs_sync_log:3308: errno=-5 IO failure\n general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b68: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI\n CPU: 2 PID: 2458471 Comm: fsstress Not tainted 5.12.0-rc5-btrfs-next-84 #1\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\n RIP: 0010:__mutex_lock+0x139/0xa40\n Code: c0 74 19 (...)\n RSP: 0018:ffff9f18830d7b00 EFLAGS: 00010202\n RAX: 6b6b6b6b6b6b6b68 RBX: 0000000000000001 RCX: 0000000000000002\n RDX: ffffffffb9c54d13 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffff9f18830d7bc0 R08: 0000000000000000 R09: 0000000000000000\n R10: ffff9f18830d7be0 R11: 0000000000000001 R12: ffff8c6cd199c040\n R13: ffff8c6c95821358 R14: 00000000fffffffb R15: ffff8c6cbcf01358\n FS: 00007fa9140c2b80(0000) GS:ffff8c6fac600000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007fa913d52000 CR3: 000000013d2b4003 CR4: 0000000000370ee0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n ? __btrfs_handle_fs_error+0xde/0x146 [btrfs]\n ? btrfs_sync_log+0x7c1/0xf20 [btrfs]\n ? btrfs_sync_log+0x7c1/0xf20 [btrfs]\n btrfs_sync_log+0x7c1/0xf20 [btrfs]\n btrfs_sync_file+0x40c/0x580 [btrfs]\n do_fsync+0x38/0x70\n __x64_sys_fsync+0x10/0x20\n do_syscall_64+0x33/0x80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n RIP: 0033:0x7fa9142a55c3\n Code: 8b 15 09 (...)\n RSP: 002b:00007fff26278d48 EFLAGS: 00000246 ORIG_RAX: 000000000000004a\n RAX: ffffffffffffffda RBX: 0000563c83cb4560 RCX: 00007fa9142a55c3\n RDX: 00007fff26278cb0 RSI: 00007fff26278cb0 RDI: 0000000000000005\n RBP: 0000000000000005 R08: 0000000000000001 R09: 00007fff26278d5c\n R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000340\n R13: 00007fff26278de0 R14: 00007fff26278d96 R15: 0000563c83ca57c0\n Modules linked in: btrfs dm_zero dm_snapshot dm_thin_pool (...)\n ---[ end trace ee2f1b19327d791d ]---\n\nThe steps that lead to this crash are the following:\n\n1) We are at transaction N;\n\n2) We have two tasks with a transaction handle attached to transaction N.\n Task A and Task B. Task B is doing an fsync;\n\n3) Task B is at btrfs_sync_log(), and has saved fs_info-\u003elog_root_tree\n into a local variable named \u0027log_root_tree\u0027 at the top of\n btrfs_sync_log(). Task B is about to call write_all_supers(), but\n before that...\n\n4) Task A calls btrfs_commit_transaction(), and after it sets the\n transaction state to TRANS_STATE_COMMIT_START, an error happens before\n it w\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T11:56:39.268Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a4794be7b00b7eda4b45fffd283ab7d76df7e5d6"
},
{
"url": "https://git.kernel.org/stable/c/633f7f216663587f17601eaa1cf2ac3d5654874c"
},
{
"url": "https://git.kernel.org/stable/c/e2da98788369bfba1138bada72765c47989a4338"
},
{
"url": "https://git.kernel.org/stable/c/061dde8245356d8864d29e25207aa4daa0be4d3c"
}
],
"title": "btrfs: fix race between transaction aborts and fsyncs leading to use-after-free",
"x_generator": {
"engine": "bippy-9e1c9544281a"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-46958",
"datePublished": "2024-02-27T18:46:59.315Z",
"dateReserved": "2024-02-27T18:42:55.939Z",
"dateUpdated": "2024-11-04T11:56:39.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-46971
Vulnerability from cvelistv5
Published
2024-02-27 18:47
Modified
2024-11-04 11:56
Severity ?
EPSS score ?
Summary
perf/core: Fix unconditional security_locked_down() call
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-46971",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-28T20:22:11.491385Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:13:04.676Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b246759284d6a2bc5b6f1009caeeb3abce2ec9ff"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4348d3b5027bc3ff6336368b6c60605d4ef8e1ce"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f5809ca4c311b71bfaba6d13f4e39eab0557895e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c7b0208ee370b89d20486fae71cd9abb759819c1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/08ef1af4de5fe7de9c6d69f1e22e51b66e385d9b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/events/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b246759284d6",
"status": "affected",
"version": "b0c8fdc7fdb7",
"versionType": "git"
},
{
"lessThan": "4348d3b5027b",
"status": "affected",
"version": "b0c8fdc7fdb7",
"versionType": "git"
},
{
"lessThan": "f5809ca4c311",
"status": "affected",
"version": "b0c8fdc7fdb7",
"versionType": "git"
},
{
"lessThan": "c7b0208ee370",
"status": "affected",
"version": "b0c8fdc7fdb7",
"versionType": "git"
},
{
"lessThan": "08ef1af4de5f",
"status": "affected",
"version": "b0c8fdc7fdb7",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/events/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"lessThan": "5.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.117",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.35",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.11.*",
"status": "unaffected",
"version": "5.11.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/core: Fix unconditional security_locked_down() call\n\nCurrently, the lockdown state is queried unconditionally, even though\nits result is used only if the PERF_SAMPLE_REGS_INTR bit is set in\nattr.sample_type. While that doesn\u0027t matter in case of the Lockdown LSM,\nit causes trouble with the SELinux\u0027s lockdown hook implementation.\n\nSELinux implements the locked_down hook with a check whether the current\ntask\u0027s type has the corresponding \"lockdown\" class permission\n(\"integrity\" or \"confidentiality\") allowed in the policy. This means\nthat calling the hook when the access control decision would be ignored\ngenerates a bogus permission check and audit record.\n\nFix this by checking sample_type first and only calling the hook when\nits result would be honored."
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T11:56:54.535Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b246759284d6a2bc5b6f1009caeeb3abce2ec9ff"
},
{
"url": "https://git.kernel.org/stable/c/4348d3b5027bc3ff6336368b6c60605d4ef8e1ce"
},
{
"url": "https://git.kernel.org/stable/c/f5809ca4c311b71bfaba6d13f4e39eab0557895e"
},
{
"url": "https://git.kernel.org/stable/c/c7b0208ee370b89d20486fae71cd9abb759819c1"
},
{
"url": "https://git.kernel.org/stable/c/08ef1af4de5fe7de9c6d69f1e22e51b66e385d9b"
}
],
"title": "perf/core: Fix unconditional security_locked_down() call",
"x_generator": {
"engine": "bippy-9e1c9544281a"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-46971",
"datePublished": "2024-02-27T18:47:06.674Z",
"dateReserved": "2024-02-27T18:42:55.943Z",
"dateUpdated": "2024-11-04T11:56:54.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-46972
Vulnerability from cvelistv5
Published
2024-02-27 18:47
Modified
2024-11-04 11:56
Severity ?
EPSS score ?
Summary
ovl: fix leaked dentry
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-46972",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-28T17:00:35.229463Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-28T17:00:43.713Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.888Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/71d58457a8afc650da5d3292a7f7029317654d95"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cf3e3330bc5719fa9d658e3e2f596bde89344a94"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d587cfaef72b1b6f4b2774827123bce91f497cc8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eaab1d45cdb4bb0c846bd23c3d666d5b90af7b41"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/overlayfs/namei.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "71d58457a8af",
"status": "affected",
"version": "6815f479ca90",
"versionType": "git"
},
{
"lessThan": "cf3e3330bc57",
"status": "affected",
"version": "6815f479ca90",
"versionType": "git"
},
{
"lessThan": "d587cfaef72b",
"status": "affected",
"version": "6815f479ca90",
"versionType": "git"
},
{
"lessThan": "eaab1d45cdb4",
"status": "affected",
"version": "6815f479ca90",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/overlayfs/namei.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.8"
},
{
"lessThan": "5.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.35",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.11.*",
"status": "unaffected",
"version": "5.11.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\novl: fix leaked dentry\n\nSince commit 6815f479ca90 (\"ovl: use only uppermetacopy state in\novl_lookup()\"), overlayfs doesn\u0027t put temporary dentry when there is a\nmetacopy error, which leads to dentry leaks when shutting down the related\nsuperblock:\n\n overlayfs: refusing to follow metacopy origin for (/file0)\n ...\n BUG: Dentry (____ptrval____){i=3f33,n=file3} still in use (1) [unmount of overlay overlay]\n ...\n WARNING: CPU: 1 PID: 432 at umount_check.cold+0x107/0x14d\n CPU: 1 PID: 432 Comm: unmount-overlay Not tainted 5.12.0-rc5 #1\n ...\n RIP: 0010:umount_check.cold+0x107/0x14d\n ...\n Call Trace:\n d_walk+0x28c/0x950\n ? dentry_lru_isolate+0x2b0/0x2b0\n ? __kasan_slab_free+0x12/0x20\n do_one_tree+0x33/0x60\n shrink_dcache_for_umount+0x78/0x1d0\n generic_shutdown_super+0x70/0x440\n kill_anon_super+0x3e/0x70\n deactivate_locked_super+0xc4/0x160\n deactivate_super+0xfa/0x140\n cleanup_mnt+0x22e/0x370\n __cleanup_mnt+0x1a/0x30\n task_work_run+0x139/0x210\n do_exit+0xb0c/0x2820\n ? __kasan_check_read+0x1d/0x30\n ? find_held_lock+0x35/0x160\n ? lock_release+0x1b6/0x660\n ? mm_update_next_owner+0xa20/0xa20\n ? reacquire_held_locks+0x3f0/0x3f0\n ? __sanitizer_cov_trace_const_cmp4+0x22/0x30\n do_group_exit+0x135/0x380\n __do_sys_exit_group.isra.0+0x20/0x20\n __x64_sys_exit_group+0x3c/0x50\n do_syscall_64+0x45/0x70\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n ...\n VFS: Busy inodes after unmount of overlay. Self-destruct in 5 seconds. Have a nice day...\n\nThis fix has been tested with a syzkaller reproducer."
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T11:56:55.701Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/71d58457a8afc650da5d3292a7f7029317654d95"
},
{
"url": "https://git.kernel.org/stable/c/cf3e3330bc5719fa9d658e3e2f596bde89344a94"
},
{
"url": "https://git.kernel.org/stable/c/d587cfaef72b1b6f4b2774827123bce91f497cc8"
},
{
"url": "https://git.kernel.org/stable/c/eaab1d45cdb4bb0c846bd23c3d666d5b90af7b41"
}
],
"title": "ovl: fix leaked dentry",
"x_generator": {
"engine": "bippy-9e1c9544281a"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-46972",
"datePublished": "2024-02-27T18:47:07.276Z",
"dateReserved": "2024-02-27T18:42:55.943Z",
"dateUpdated": "2024-11-04T11:56:55.701Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-46964
Vulnerability from cvelistv5
Published
2024-02-27 18:47
Modified
2024-11-04 11:56
Severity ?
EPSS score ?
Summary
scsi: qla2xxx: Reserve extra IRQ vectors
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:43.024Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4ecd42dec858b6632c5f024fe13e9ad6c30f2734"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0f86d66b38501e3ac66cf2d9f9f8ad6838bad0e6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f02d4086a8f36a0e1aaebf559b54cf24a177a486"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-46964",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:01:34.918435Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:46.679Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/qla2xxx/qla_isr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4ecd42dec858",
"status": "affected",
"version": "a6dcfe08487e",
"versionType": "git"
},
{
"lessThan": "0f86d66b3850",
"status": "affected",
"version": "a6dcfe08487e",
"versionType": "git"
},
{
"lessThan": "f02d4086a8f3",
"status": "affected",
"version": "a6dcfe08487e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/qla2xxx/qla_isr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.11"
},
{
"lessThan": "5.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.11.*",
"status": "unaffected",
"version": "5.11.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Reserve extra IRQ vectors\n\nCommit a6dcfe08487e (\"scsi: qla2xxx: Limit interrupt vectors to number of\nCPUs\") lowers the number of allocated MSI-X vectors to the number of CPUs.\n\nThat breaks vector allocation assumptions in qla83xx_iospace_config(),\nqla24xx_enable_msix() and qla2x00_iospace_config(). Either of the functions\ncomputes maximum number of qpairs as:\n\n ha-\u003emax_qpairs = ha-\u003emsix_count - 1 (MB interrupt) - 1 (default\n response queue) - 1 (ATIO, in dual or pure target mode)\n\nmax_qpairs is set to zero in case of two CPUs and initiator mode. The\nnumber is then used to allocate ha-\u003equeue_pair_map inside\nqla2x00_alloc_queues(). No allocation happens and ha-\u003equeue_pair_map is\nleft NULL but the driver thinks there are queue pairs available.\n\nqla2xxx_queuecommand() tries to find a qpair in the map and crashes:\n\n if (ha-\u003emqenable) {\n uint32_t tag;\n uint16_t hwq;\n struct qla_qpair *qpair = NULL;\n\n tag = blk_mq_unique_tag(cmd-\u003erequest);\n hwq = blk_mq_unique_tag_to_hwq(tag);\n qpair = ha-\u003equeue_pair_map[hwq]; # \u003c- HERE\n\n if (qpair)\n return qla2xxx_mqueuecommand(host, cmd, qpair);\n }\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] SMP PTI\n CPU: 0 PID: 72 Comm: kworker/u4:3 Tainted: G W 5.10.0-rc1+ #25\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.0.0-prebuilt.qemu-project.org 04/01/2014\n Workqueue: scsi_wq_7 fc_scsi_scan_rport [scsi_transport_fc]\n RIP: 0010:qla2xxx_queuecommand+0x16b/0x3f0 [qla2xxx]\n Call Trace:\n scsi_queue_rq+0x58c/0xa60\n blk_mq_dispatch_rq_list+0x2b7/0x6f0\n ? __sbitmap_get_word+0x2a/0x80\n __blk_mq_sched_dispatch_requests+0xb8/0x170\n blk_mq_sched_dispatch_requests+0x2b/0x50\n __blk_mq_run_hw_queue+0x49/0xb0\n __blk_mq_delay_run_hw_queue+0xfb/0x150\n blk_mq_sched_insert_request+0xbe/0x110\n blk_execute_rq+0x45/0x70\n __scsi_execute+0x10e/0x250\n scsi_probe_and_add_lun+0x228/0xda0\n __scsi_scan_target+0xf4/0x620\n ? __pm_runtime_resume+0x4f/0x70\n scsi_scan_target+0x100/0x110\n fc_scsi_scan_rport+0xa1/0xb0 [scsi_transport_fc]\n process_one_work+0x1ea/0x3b0\n worker_thread+0x28/0x3b0\n ? process_one_work+0x3b0/0x3b0\n kthread+0x112/0x130\n ? kthread_park+0x80/0x80\n ret_from_fork+0x22/0x30\n\nThe driver should allocate enough vectors to provide every CPU it\u0027s own HW\nqueue and still handle reserved (MB, RSP, ATIO) interrupts.\n\nThe change fixes the crash on dual core VM and prevents unbalanced QP\nallocation where nr_hw_queues is two less than the number of CPUs."
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T11:56:46.423Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4ecd42dec858b6632c5f024fe13e9ad6c30f2734"
},
{
"url": "https://git.kernel.org/stable/c/0f86d66b38501e3ac66cf2d9f9f8ad6838bad0e6"
},
{
"url": "https://git.kernel.org/stable/c/f02d4086a8f36a0e1aaebf559b54cf24a177a486"
}
],
"title": "scsi: qla2xxx: Reserve extra IRQ vectors",
"x_generator": {
"engine": "bippy-9e1c9544281a"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-46964",
"datePublished": "2024-02-27T18:47:02.404Z",
"dateReserved": "2024-02-27T18:42:55.942Z",
"dateUpdated": "2024-11-04T11:56:46.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-46945
Vulnerability from cvelistv5
Published
2024-02-27 18:40
Modified
2024-11-04 11:56
Severity ?
EPSS score ?
Summary
ext4: always panic when errors=panic is specified
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-46945",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-28T17:01:37.364142Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-28T17:01:44.888Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:43.032Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/64e1eebe2131183174f4fbb6b1491355f96c6cde"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1e9ea8f4637026b8e965128953f2da061ccae9c4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ac2f7ca51b0929461ea49918f27c11b680f28995"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ext4/super.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "64e1eebe2131",
"status": "affected",
"version": "014c9caa29d3",
"versionType": "git"
},
{
"lessThan": "1e9ea8f46370",
"status": "affected",
"version": "014c9caa29d3",
"versionType": "git"
},
{
"lessThan": "ac2f7ca51b09",
"status": "affected",
"version": "014c9caa29d3",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ext4/super.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.11"
},
{
"lessThan": "5.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.11.*",
"status": "unaffected",
"version": "5.11.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: always panic when errors=panic is specified\n\nBefore commit 014c9caa29d3 (\"ext4: make ext4_abort() use\n__ext4_error()\"), the following series of commands would trigger a\npanic:\n\n1. mount /dev/sda -o ro,errors=panic test\n2. mount /dev/sda -o remount,abort test\n\nAfter commit 014c9caa29d3, remounting a file system using the test\nmount option \"abort\" will no longer trigger a panic. This commit will\nrestore the behaviour immediately before commit 014c9caa29d3.\n(However, note that the Linux kernel\u0027s behavior has not been\nconsistent; some previous kernel versions, including 5.4 and 4.19\nsimilarly did not panic after using the mount option \"abort\".)\n\nThis also makes a change to long-standing behaviour; namely, the\nfollowing series commands will now cause a panic, when previously it\ndid not:\n\n1. mount /dev/sda -o ro,errors=panic test\n2. echo test \u003e /sys/fs/ext4/sda/trigger_fs_error\n\nHowever, this makes ext4\u0027s behaviour much more consistent, so this is\na good thing."
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T11:56:25.093Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/64e1eebe2131183174f4fbb6b1491355f96c6cde"
},
{
"url": "https://git.kernel.org/stable/c/1e9ea8f4637026b8e965128953f2da061ccae9c4"
},
{
"url": "https://git.kernel.org/stable/c/ac2f7ca51b0929461ea49918f27c11b680f28995"
}
],
"title": "ext4: always panic when errors=panic is specified",
"x_generator": {
"engine": "bippy-9e1c9544281a"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-46945",
"datePublished": "2024-02-27T18:40:31.095Z",
"dateReserved": "2024-02-25T13:45:52.721Z",
"dateUpdated": "2024-11-04T11:56:25.093Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-46956
Vulnerability from cvelistv5
Published
2024-02-27 18:46
Modified
2024-11-04 11:56
Severity ?
EPSS score ?
Summary
virtiofs: fix memory leak in virtio_fs_probe()
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-46956",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-27T19:29:39.801497Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:22:02.090Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.907Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/310efc95c72c13faf855c692d19cd4d054d827c8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d19555ff225d0896a33246a49279e6d578095f15"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9b9d60c0eb8ada99cce2a9ab5c15dffc523b01ae"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5116e79fc6e6725b8acdad8b7e928a83ab7b47e6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c79c5e0178922a9e092ec8fed026750f39dcaef4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/fuse/virtio_fs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "310efc95c72c",
"status": "affected",
"version": "a62a8ef9d97d",
"versionType": "git"
},
{
"lessThan": "d19555ff225d",
"status": "affected",
"version": "a62a8ef9d97d",
"versionType": "git"
},
{
"lessThan": "9b9d60c0eb8a",
"status": "affected",
"version": "a62a8ef9d97d",
"versionType": "git"
},
{
"lessThan": "5116e79fc6e6",
"status": "affected",
"version": "a62a8ef9d97d",
"versionType": "git"
},
{
"lessThan": "c79c5e017892",
"status": "affected",
"version": "a62a8ef9d97d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/fuse/virtio_fs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"lessThan": "5.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.118",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.36",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.11.*",
"status": "unaffected",
"version": "5.11.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtiofs: fix memory leak in virtio_fs_probe()\n\nWhen accidentally passing twice the same tag to qemu, kmemleak ended up\nreporting a memory leak in virtiofs. Also, looking at the log I saw the\nfollowing error (that\u0027s when I realised the duplicated tag):\n\n virtiofs: probe of virtio5 failed with error -17\n\nHere\u0027s the kmemleak log for reference:\n\nunreferenced object 0xffff888103d47800 (size 1024):\n comm \"systemd-udevd\", pid 118, jiffies 4294893780 (age 18.340s)\n hex dump (first 32 bytes):\n 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N..........\n ff ff ff ff ff ff ff ff 80 90 02 a0 ff ff ff ff ................\n backtrace:\n [\u003c000000000ebb87c1\u003e] virtio_fs_probe+0x171/0x7ae [virtiofs]\n [\u003c00000000f8aca419\u003e] virtio_dev_probe+0x15f/0x210\n [\u003c000000004d6baf3c\u003e] really_probe+0xea/0x430\n [\u003c00000000a6ceeac8\u003e] device_driver_attach+0xa8/0xb0\n [\u003c00000000196f47a7\u003e] __driver_attach+0x98/0x140\n [\u003c000000000b20601d\u003e] bus_for_each_dev+0x7b/0xc0\n [\u003c00000000399c7b7f\u003e] bus_add_driver+0x11b/0x1f0\n [\u003c0000000032b09ba7\u003e] driver_register+0x8f/0xe0\n [\u003c00000000cdd55998\u003e] 0xffffffffa002c013\n [\u003c000000000ea196a2\u003e] do_one_initcall+0x64/0x2e0\n [\u003c0000000008f727ce\u003e] do_init_module+0x5c/0x260\n [\u003c000000003cdedab6\u003e] __do_sys_finit_module+0xb5/0x120\n [\u003c00000000ad2f48c6\u003e] do_syscall_64+0x33/0x40\n [\u003c00000000809526b5\u003e] entry_SYSCALL_64_after_hwframe+0x44/0xae"
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T11:56:36.886Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/310efc95c72c13faf855c692d19cd4d054d827c8"
},
{
"url": "https://git.kernel.org/stable/c/d19555ff225d0896a33246a49279e6d578095f15"
},
{
"url": "https://git.kernel.org/stable/c/9b9d60c0eb8ada99cce2a9ab5c15dffc523b01ae"
},
{
"url": "https://git.kernel.org/stable/c/5116e79fc6e6725b8acdad8b7e928a83ab7b47e6"
},
{
"url": "https://git.kernel.org/stable/c/c79c5e0178922a9e092ec8fed026750f39dcaef4"
}
],
"title": "virtiofs: fix memory leak in virtio_fs_probe()",
"x_generator": {
"engine": "bippy-9e1c9544281a"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-46956",
"datePublished": "2024-02-27T18:46:58.101Z",
"dateReserved": "2024-02-27T18:42:55.937Z",
"dateUpdated": "2024-11-04T11:56:36.886Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-46966
Vulnerability from cvelistv5
Published
2024-02-27 18:47
Modified
2024-11-04 11:56
Severity ?
EPSS score ?
Summary
ACPI: custom_method: fix potential use-after-free issue
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-46966",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-28T17:00:55.492289Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-28T17:01:03.694Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.993Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1d53ca5d131074c925ce38361fb0376d3bf7e394"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8b04d57f30caf76649d0567551589af9a66ca9be"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/90575d1d9311b753cf1718f4ce9061ddda7dfd23"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a5b26a2e362f572d87e9fd35435680e557052a17"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/72814a94c38a33239793f7622cec6ace1e540c4b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/62dc2440ebb552aa0d7f635e1697e077d9d21203"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f16737caf41fc06cfe6e49048becb09657074d4b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b7a5baaae212a686ceb812c32fceed79c03c0234"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e483bb9a991bdae29a0caa4b3a6d002c968f94aa"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/acpi/custom_method.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1d53ca5d1310",
"status": "affected",
"version": "4bda2b79a9d0",
"versionType": "git"
},
{
"lessThan": "8b04d57f30ca",
"status": "affected",
"version": "5c12dadcbef8",
"versionType": "git"
},
{
"lessThan": "90575d1d9311",
"status": "affected",
"version": "35b88a10535e",
"versionType": "git"
},
{
"lessThan": "a5b26a2e362f",
"status": "affected",
"version": "e4467fb6ef54",
"versionType": "git"
},
{
"lessThan": "72814a94c38a",
"status": "affected",
"version": "03d1571d9513",
"versionType": "git"
},
{
"lessThan": "62dc2440ebb5",
"status": "affected",
"version": "03d1571d9513",
"versionType": "git"
},
{
"lessThan": "f16737caf41f",
"status": "affected",
"version": "03d1571d9513",
"versionType": "git"
},
{
"lessThan": "b7a5baaae212",
"status": "affected",
"version": "03d1571d9513",
"versionType": "git"
},
{
"lessThan": "e483bb9a991b",
"status": "affected",
"version": "03d1571d9513",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/acpi/custom_method.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"lessThan": "5.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.4.*",
"status": "unaffected",
"version": "4.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.233",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.191",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.118",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.36",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.11.*",
"status": "unaffected",
"version": "5.11.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: custom_method: fix potential use-after-free issue\n\nIn cm_write(), buf is always freed when reaching the end of the\nfunction. If the requested count is less than table.length, the\nallocated buffer will be freed but subsequent calls to cm_write() will\nstill try to access it.\n\nRemove the unconditional kfree(buf) at the end of the function and\nset the buf to NULL in the -EINVAL error path to match the rest of\nfunction."
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T11:56:48.746Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1d53ca5d131074c925ce38361fb0376d3bf7e394"
},
{
"url": "https://git.kernel.org/stable/c/8b04d57f30caf76649d0567551589af9a66ca9be"
},
{
"url": "https://git.kernel.org/stable/c/90575d1d9311b753cf1718f4ce9061ddda7dfd23"
},
{
"url": "https://git.kernel.org/stable/c/a5b26a2e362f572d87e9fd35435680e557052a17"
},
{
"url": "https://git.kernel.org/stable/c/72814a94c38a33239793f7622cec6ace1e540c4b"
},
{
"url": "https://git.kernel.org/stable/c/62dc2440ebb552aa0d7f635e1697e077d9d21203"
},
{
"url": "https://git.kernel.org/stable/c/f16737caf41fc06cfe6e49048becb09657074d4b"
},
{
"url": "https://git.kernel.org/stable/c/b7a5baaae212a686ceb812c32fceed79c03c0234"
},
{
"url": "https://git.kernel.org/stable/c/e483bb9a991bdae29a0caa4b3a6d002c968f94aa"
}
],
"title": "ACPI: custom_method: fix potential use-after-free issue",
"x_generator": {
"engine": "bippy-9e1c9544281a"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-46966",
"datePublished": "2024-02-27T18:47:03.631Z",
"dateReserved": "2024-02-27T18:42:55.943Z",
"dateUpdated": "2024-11-04T11:56:48.746Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-46962
Vulnerability from cvelistv5
Published
2024-02-27 18:47
Modified
2024-11-04 11:56
Severity ?
EPSS score ?
Summary
mmc: uniphier-sd: Fix a resource leak in the remove function
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-46962",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-05T20:16:05.784060Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:13:10.391Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.992Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0d8941b9b2d3e7b3481fdf43b1a6189d162175b7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/25ac6ce65f1ab458982d15ec1caf441acd37106a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ebe0f12cf4c044f812c6d17011531582f9ac8bb3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d6e7fda496978f2763413b5523557b38dc2bf6c2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e29c84857e2d51aa017ce04284b962742fb97d9e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/mmc/host/uniphier-sd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0d8941b9b2d3",
"status": "affected",
"version": "3fd784f745dd",
"versionType": "git"
},
{
"lessThan": "25ac6ce65f1a",
"status": "affected",
"version": "3fd784f745dd",
"versionType": "git"
},
{
"lessThan": "ebe0f12cf4c0",
"status": "affected",
"version": "3fd784f745dd",
"versionType": "git"
},
{
"lessThan": "d6e7fda49697",
"status": "affected",
"version": "3fd784f745dd",
"versionType": "git"
},
{
"lessThan": "e29c84857e2d",
"status": "affected",
"version": "3fd784f745dd",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/mmc/host/uniphier-sd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.20"
},
{
"lessThan": "4.20",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.118",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.36",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.11.*",
"status": "unaffected",
"version": "5.11.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: uniphier-sd: Fix a resource leak in the remove function\n\nA \u0027tmio_mmc_host_free()\u0027 call is missing in the remove function, in order\nto balance a \u0027tmio_mmc_host_alloc()\u0027 call in the probe.\nThis is done in the error handling path of the probe, but not in the remove\nfunction.\n\nAdd the missing call."
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T11:56:43.933Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0d8941b9b2d3e7b3481fdf43b1a6189d162175b7"
},
{
"url": "https://git.kernel.org/stable/c/25ac6ce65f1ab458982d15ec1caf441acd37106a"
},
{
"url": "https://git.kernel.org/stable/c/ebe0f12cf4c044f812c6d17011531582f9ac8bb3"
},
{
"url": "https://git.kernel.org/stable/c/d6e7fda496978f2763413b5523557b38dc2bf6c2"
},
{
"url": "https://git.kernel.org/stable/c/e29c84857e2d51aa017ce04284b962742fb97d9e"
}
],
"title": "mmc: uniphier-sd: Fix a resource leak in the remove function",
"x_generator": {
"engine": "bippy-9e1c9544281a"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-46962",
"datePublished": "2024-02-27T18:47:01.169Z",
"dateReserved": "2024-02-27T18:42:55.942Z",
"dateUpdated": "2024-11-04T11:56:43.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-46942
Vulnerability from cvelistv5
Published
2024-02-27 18:40
Modified
2024-11-04 11:56
Severity ?
EPSS score ?
Summary
io_uring: fix shared sqpoll cancellation hangs
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.981Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cb5e0b3d0f993a6268c1a2c7ede2f9aa0c17ef68"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/734551df6f9bedfbefcd113ede665945e9de0b99"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-46942",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:01:51.334180Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:54.249Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/io_uring.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cb5e0b3d0f99",
"status": "affected",
"version": "37d1e2e3642e",
"versionType": "git"
},
{
"lessThan": "734551df6f9b",
"status": "affected",
"version": "37d1e2e3642e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/io_uring.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.12"
},
{
"lessThan": "5.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: fix shared sqpoll cancellation hangs\n\n[ 736.982891] INFO: task iou-sqp-4294:4295 blocked for more than 122 seconds.\n[ 736.982897] Call Trace:\n[ 736.982901] schedule+0x68/0xe0\n[ 736.982903] io_uring_cancel_sqpoll+0xdb/0x110\n[ 736.982908] io_sqpoll_cancel_cb+0x24/0x30\n[ 736.982911] io_run_task_work_head+0x28/0x50\n[ 736.982913] io_sq_thread+0x4e3/0x720\n\nWe call io_uring_cancel_sqpoll() one by one for each ctx either in\nsq_thread() itself or via task works, and it\u0027s intended to cancel all\nrequests of a specified context. However the function uses per-task\ncounters to track the number of inflight requests, so it counts more\nrequests than available via currect io_uring ctx and goes to sleep for\nthem to appear (e.g. from IRQ), that will never happen.\n\nCancel a bit more than before, i.e. all ctxs that share sqpoll\nand continue to use shared counters. Don\u0027t forget that we should not\nremove ctx from the list before running that task_work sqpoll-cancel,\notherwise the function wouldn\u0027t be able to find the context and will\nhang."
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T11:56:21.646Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cb5e0b3d0f993a6268c1a2c7ede2f9aa0c17ef68"
},
{
"url": "https://git.kernel.org/stable/c/734551df6f9bedfbefcd113ede665945e9de0b99"
}
],
"title": "io_uring: fix shared sqpoll cancellation hangs",
"x_generator": {
"engine": "bippy-9e1c9544281a"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-46942",
"datePublished": "2024-02-27T18:40:29.280Z",
"dateReserved": "2024-02-25T13:45:52.721Z",
"dateUpdated": "2024-11-04T11:56:21.646Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-46954
Vulnerability from cvelistv5
Published
2024-02-27 18:46
Modified
2024-11-04 11:56
Severity ?
EPSS score ?
Summary
net/sched: sch_frag: fix stack OOB read while fragmenting IPv4 packets
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-46954",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-27T19:36:31.837631Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:04.639Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.983Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/018bb8da5b5888e19585f9b802f036afe643fcef"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8e6dfb7beeb6489ac1365b8a71052e737f5da76e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/31fe34a0118e0acc958c802e830ad5d37ef6b1d3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/sched/sch_frag.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "018bb8da5b58",
"status": "affected",
"version": "c129412f74e9",
"versionType": "git"
},
{
"lessThan": "8e6dfb7beeb6",
"status": "affected",
"version": "c129412f74e9",
"versionType": "git"
},
{
"lessThan": "31fe34a0118e",
"status": "affected",
"version": "c129412f74e9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/sched/sch_frag.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.11"
},
{
"lessThan": "5.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.11.*",
"status": "unaffected",
"version": "5.11.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: sch_frag: fix stack OOB read while fragmenting IPv4 packets\n\nwhen \u0027act_mirred\u0027 tries to fragment IPv4 packets that had been previously\nre-assembled using \u0027act_ct\u0027, splats like the following can be observed on\nkernels built with KASAN:\n\n BUG: KASAN: stack-out-of-bounds in ip_do_fragment+0x1b03/0x1f60\n Read of size 1 at addr ffff888147009574 by task ping/947\n\n CPU: 0 PID: 947 Comm: ping Not tainted 5.12.0-rc6+ #418\n Hardware name: Red Hat KVM, BIOS 1.11.1-4.module+el8.1.0+4066+0f1aadab 04/01/2014\n Call Trace:\n \u003cIRQ\u003e\n dump_stack+0x92/0xc1\n print_address_description.constprop.7+0x1a/0x150\n kasan_report.cold.13+0x7f/0x111\n ip_do_fragment+0x1b03/0x1f60\n sch_fragment+0x4bf/0xe40\n tcf_mirred_act+0xc3d/0x11a0 [act_mirred]\n tcf_action_exec+0x104/0x3e0\n fl_classify+0x49a/0x5e0 [cls_flower]\n tcf_classify_ingress+0x18a/0x820\n __netif_receive_skb_core+0xae7/0x3340\n __netif_receive_skb_one_core+0xb6/0x1b0\n process_backlog+0x1ef/0x6c0\n __napi_poll+0xaa/0x500\n net_rx_action+0x702/0xac0\n __do_softirq+0x1e4/0x97f\n do_softirq+0x71/0x90\n \u003c/IRQ\u003e\n __local_bh_enable_ip+0xdb/0xf0\n ip_finish_output2+0x760/0x2120\n ip_do_fragment+0x15a5/0x1f60\n __ip_finish_output+0x4c2/0xea0\n ip_output+0x1ca/0x4d0\n ip_send_skb+0x37/0xa0\n raw_sendmsg+0x1c4b/0x2d00\n sock_sendmsg+0xdb/0x110\n __sys_sendto+0x1d7/0x2b0\n __x64_sys_sendto+0xdd/0x1b0\n do_syscall_64+0x33/0x40\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n RIP: 0033:0x7f82e13853eb\n Code: 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 f3 0f 1e fa 48 8d 05 75 42 2c 00 41 89 ca 8b 00 85 c0 75 14 b8 2c 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 75 c3 0f 1f 40 00 41 57 4d 89 c7 41 56 41 89\n RSP: 002b:00007ffe01fad888 EFLAGS: 00000246 ORIG_RAX: 000000000000002c\n RAX: ffffffffffffffda RBX: 00005571aac13700 RCX: 00007f82e13853eb\n RDX: 0000000000002330 RSI: 00005571aac13700 RDI: 0000000000000003\n RBP: 0000000000002330 R08: 00005571aac10500 R09: 0000000000000010\n R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe01faefb0\n R13: 00007ffe01fad890 R14: 00007ffe01fad980 R15: 00005571aac0f0a0\n\n The buggy address belongs to the page:\n page:000000001dff2e03 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x147009\n flags: 0x17ffffc0001000(reserved)\n raw: 0017ffffc0001000 ffffea00051c0248 ffffea00051c0248 0000000000000000\n raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000\n page dumped because: kasan: bad access detected\n\n Memory state around the buggy address:\n ffff888147009400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n ffff888147009480: f1 f1 f1 f1 04 f2 f2 f2 f2 f2 f2 f2 00 00 00 00\n \u003effff888147009500: 00 00 00 00 00 00 00 00 00 00 f2 f2 f2 f2 f2 f2\n ^\n ffff888147009580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n ffff888147009600: 00 00 00 00 00 00 00 00 00 00 00 00 00 f2 f2 f2\n\nfor IPv4 packets, sch_fragment() uses a temporary struct dst_entry. Then,\nin the following call graph:\n\n ip_do_fragment()\n ip_skb_dst_mtu()\n ip_dst_mtu_maybe_forward()\n ip_mtu_locked()\n\nthe pointer to struct dst_entry is used as pointer to struct rtable: this\nturns the access to struct members like rt_mtu_locked into an OOB read in\nthe stack. Fix this changing the temporary variable used for IPv4 packets\nin sch_fragment(), similarly to what is done for IPv6 few lines below."
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T11:56:34.552Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/018bb8da5b5888e19585f9b802f036afe643fcef"
},
{
"url": "https://git.kernel.org/stable/c/8e6dfb7beeb6489ac1365b8a71052e737f5da76e"
},
{
"url": "https://git.kernel.org/stable/c/31fe34a0118e0acc958c802e830ad5d37ef6b1d3"
}
],
"title": "net/sched: sch_frag: fix stack OOB read while fragmenting IPv4 packets",
"x_generator": {
"engine": "bippy-9e1c9544281a"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-46954",
"datePublished": "2024-02-27T18:46:56.804Z",
"dateReserved": "2024-02-27T18:42:55.937Z",
"dateUpdated": "2024-11-04T11:56:34.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-46974
Vulnerability from cvelistv5
Published
2024-02-27 18:47
Modified
2024-11-04 11:56
Severity ?
EPSS score ?
Summary
bpf: Fix masking negation logic upon negative dst register
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-46974",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-05T16:32:03.243683Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:13:10.865Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:43.104Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4d542ddb88fb2f39bf7f14caa2902f3e8d06f6ba"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0e2dfdc74a7f4036127356d42ea59388f153f42c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/53e0db429b37a32b8fc706d0d90eb4583ad13848"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2cfa537674cd1051a3b8111536d77d0558f33d5d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6eba92a4d4be8feb4dc33976abac544fa99d6ecc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7cf64d8679ca1cb20cf57d6a88bfee79a0922a66"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b9b34ddbe2076ade359cd5ce7537d5ed019e9807"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/bpf/verifier.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4d542ddb88fb",
"status": "affected",
"version": "ae03b6b1c880",
"versionType": "git"
},
{
"lessThan": "0e2dfdc74a7f",
"status": "affected",
"version": "f92a819b4cbe",
"versionType": "git"
},
{
"lessThan": "53e0db429b37",
"status": "affected",
"version": "979d63d50c0c",
"versionType": "git"
},
{
"lessThan": "2cfa537674cd",
"status": "affected",
"version": "979d63d50c0c",
"versionType": "git"
},
{
"lessThan": "6eba92a4d4be",
"status": "affected",
"version": "979d63d50c0c",
"versionType": "git"
},
{
"lessThan": "7cf64d8679ca",
"status": "affected",
"version": "979d63d50c0c",
"versionType": "git"
},
{
"lessThan": "b9b34ddbe207",
"status": "affected",
"version": "979d63d50c0c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/bpf/verifier.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.0"
},
{
"lessThan": "5.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.233",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.190",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.117",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.35",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.11.*",
"status": "unaffected",
"version": "5.11.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix masking negation logic upon negative dst register\n\nThe negation logic for the case where the off_reg is sitting in the\ndst register is not correct given then we cannot just invert the add\nto a sub or vice versa. As a fix, perform the final bitwise and-op\nunconditionally into AX from the off_reg, then move the pointer from\nthe src to dst and finally use AX as the source for the original\npointer arithmetic operation such that the inversion yields a correct\nresult. The single non-AX mov in between is possible given constant\nblinding is retaining it as it\u0027s not an immediate based operation."
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T11:56:57.967Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4d542ddb88fb2f39bf7f14caa2902f3e8d06f6ba"
},
{
"url": "https://git.kernel.org/stable/c/0e2dfdc74a7f4036127356d42ea59388f153f42c"
},
{
"url": "https://git.kernel.org/stable/c/53e0db429b37a32b8fc706d0d90eb4583ad13848"
},
{
"url": "https://git.kernel.org/stable/c/2cfa537674cd1051a3b8111536d77d0558f33d5d"
},
{
"url": "https://git.kernel.org/stable/c/6eba92a4d4be8feb4dc33976abac544fa99d6ecc"
},
{
"url": "https://git.kernel.org/stable/c/7cf64d8679ca1cb20cf57d6a88bfee79a0922a66"
},
{
"url": "https://git.kernel.org/stable/c/b9b34ddbe2076ade359cd5ce7537d5ed019e9807"
}
],
"title": "bpf: Fix masking negation logic upon negative dst register",
"x_generator": {
"engine": "bippy-9e1c9544281a"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-46974",
"datePublished": "2024-02-27T18:47:08.487Z",
"dateReserved": "2024-02-27T18:42:55.944Z",
"dateUpdated": "2024-11-04T11:56:57.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-46975
Vulnerability from cvelistv5
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2024-03-19T13:14:36.957Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"rejectedReasons": [
{
"lang": "en",
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-46975",
"datePublished": "2024-02-27T18:47:09.100Z",
"dateRejected": "2024-03-19T13:14:36.957Z",
"dateReserved": "2024-02-27T18:42:55.944Z",
"dateUpdated": "2024-03-19T13:14:36.957Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}
cve-2021-46965
Vulnerability from cvelistv5
Published
2024-02-27 18:47
Modified
2024-11-04 11:56
Severity ?
EPSS score ?
Summary
mtd: physmap: physmap-bt1-rom: Fix unintentional stack access
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-46965",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-27T19:38:51.925558Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:13:13.079Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/34ec706bf0b7c4ca249a729c1bcb91f706c7a7be"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4e4ebb827bf09311469ffd9d0c14ed40ed9747aa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4d786870e3262ec098a3b4ed10b895176bc66ecb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/683313993dbe1651c7aa00bb42a041d70e914925"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/mtd/maps/physmap-bt1-rom.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "34ec706bf0b7",
"status": "affected",
"version": "b3e79e7682e0",
"versionType": "git"
},
{
"lessThan": "4e4ebb827bf0",
"status": "affected",
"version": "b3e79e7682e0",
"versionType": "git"
},
{
"lessThan": "4d786870e326",
"status": "affected",
"version": "b3e79e7682e0",
"versionType": "git"
},
{
"lessThan": "683313993dbe",
"status": "affected",
"version": "b3e79e7682e0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/mtd/maps/physmap-bt1-rom.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.10"
},
{
"lessThan": "5.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.36",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.11.*",
"status": "unaffected",
"version": "5.11.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: physmap: physmap-bt1-rom: Fix unintentional stack access\n\nCast \u0026data to (char *) in order to avoid unintentionally accessing\nthe stack.\n\nNotice that data is of type u32, so any increment to \u0026data\nwill be in the order of 4-byte chunks, and this piece of code\nis actually intended to be a byte offset.\n\nAddresses-Coverity-ID: 1497765 (\"Out-of-bounds access\")"
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T11:56:47.594Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/34ec706bf0b7c4ca249a729c1bcb91f706c7a7be"
},
{
"url": "https://git.kernel.org/stable/c/4e4ebb827bf09311469ffd9d0c14ed40ed9747aa"
},
{
"url": "https://git.kernel.org/stable/c/4d786870e3262ec098a3b4ed10b895176bc66ecb"
},
{
"url": "https://git.kernel.org/stable/c/683313993dbe1651c7aa00bb42a041d70e914925"
}
],
"title": "mtd: physmap: physmap-bt1-rom: Fix unintentional stack access",
"x_generator": {
"engine": "bippy-9e1c9544281a"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-46965",
"datePublished": "2024-02-27T18:47:03.022Z",
"dateReserved": "2024-02-27T18:42:55.942Z",
"dateUpdated": "2024-11-04T11:56:47.594Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-46955
Vulnerability from cvelistv5
Published
2024-02-27 18:46
Modified
2024-11-04 11:56
Severity ?
EPSS score ?
Summary
openvswitch: fix stack OOB read while fragmenting IPv4 packets
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-46955",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-28T17:01:12.713223Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-28T17:01:24.427Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.889Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b1d7280f9ba1bfdbc3af5bdb82e51f014854f26f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/23e17ec1a5eb53fe39cc34fa5592686d5acd0dac"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5a52fa8ad45b5a593ed416adf326538638454ff1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/df9e900de24637be41879e2c50afb713ec4e8b2e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/490ad0a2390442d0a7b8c00972a83dbb09cab142"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a1478374b0bda89b4277a8afd39208271faad4be"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d841d3cf5297fde4ce6a41ff35451d0e82917f3e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b3502b04e84ac5349be95fc033c17bd701d2787a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7c0ea5930c1c211931819d83cfb157bff1539a4c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/openvswitch/actions.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b1d7280f9ba1",
"status": "affected",
"version": "119bbaa6795a",
"versionType": "git"
},
{
"lessThan": "23e17ec1a5eb",
"status": "affected",
"version": "d543907a4730",
"versionType": "git"
},
{
"lessThan": "5a52fa8ad45b",
"status": "affected",
"version": "8387fbac8e18",
"versionType": "git"
},
{
"lessThan": "df9e900de246",
"status": "affected",
"version": "d52e5a7e7ca4",
"versionType": "git"
},
{
"lessThan": "490ad0a23904",
"status": "affected",
"version": "d52e5a7e7ca4",
"versionType": "git"
},
{
"lessThan": "a1478374b0bd",
"status": "affected",
"version": "d52e5a7e7ca4",
"versionType": "git"
},
{
"lessThan": "d841d3cf5297",
"status": "affected",
"version": "d52e5a7e7ca4",
"versionType": "git"
},
{
"lessThan": "b3502b04e84a",
"status": "affected",
"version": "d52e5a7e7ca4",
"versionType": "git"
},
{
"lessThan": "7c0ea5930c1c",
"status": "affected",
"version": "d52e5a7e7ca4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/openvswitch/actions.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.16"
},
{
"lessThan": "4.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.4.*",
"status": "unaffected",
"version": "4.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.233",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.191",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.118",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.36",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.11.*",
"status": "unaffected",
"version": "5.11.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nopenvswitch: fix stack OOB read while fragmenting IPv4 packets\n\nrunning openvswitch on kernels built with KASAN, it\u0027s possible to see the\nfollowing splat while testing fragmentation of IPv4 packets:\n\n BUG: KASAN: stack-out-of-bounds in ip_do_fragment+0x1b03/0x1f60\n Read of size 1 at addr ffff888112fc713c by task handler2/1367\n\n CPU: 0 PID: 1367 Comm: handler2 Not tainted 5.12.0-rc6+ #418\n Hardware name: Red Hat KVM, BIOS 1.11.1-4.module+el8.1.0+4066+0f1aadab 04/01/2014\n Call Trace:\n dump_stack+0x92/0xc1\n print_address_description.constprop.7+0x1a/0x150\n kasan_report.cold.13+0x7f/0x111\n ip_do_fragment+0x1b03/0x1f60\n ovs_fragment+0x5bf/0x840 [openvswitch]\n do_execute_actions+0x1bd5/0x2400 [openvswitch]\n ovs_execute_actions+0xc8/0x3d0 [openvswitch]\n ovs_packet_cmd_execute+0xa39/0x1150 [openvswitch]\n genl_family_rcv_msg_doit.isra.15+0x227/0x2d0\n genl_rcv_msg+0x287/0x490\n netlink_rcv_skb+0x120/0x380\n genl_rcv+0x24/0x40\n netlink_unicast+0x439/0x630\n netlink_sendmsg+0x719/0xbf0\n sock_sendmsg+0xe2/0x110\n ____sys_sendmsg+0x5ba/0x890\n ___sys_sendmsg+0xe9/0x160\n __sys_sendmsg+0xd3/0x170\n do_syscall_64+0x33/0x40\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n RIP: 0033:0x7f957079db07\n Code: c3 66 90 41 54 41 89 d4 55 48 89 f5 53 89 fb 48 83 ec 10 e8 eb ec ff ff 44 89 e2 48 89 ee 89 df 41 89 c0 b8 2e 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 35 44 89 c7 48 89 44 24 08 e8 24 ed ff ff 48\n RSP: 002b:00007f956ce35a50 EFLAGS: 00000293 ORIG_RAX: 000000000000002e\n RAX: ffffffffffffffda RBX: 0000000000000019 RCX: 00007f957079db07\n RDX: 0000000000000000 RSI: 00007f956ce35ae0 RDI: 0000000000000019\n RBP: 00007f956ce35ae0 R08: 0000000000000000 R09: 00007f9558006730\n R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000\n R13: 00007f956ce37308 R14: 00007f956ce35f80 R15: 00007f956ce35ae0\n\n The buggy address belongs to the page:\n page:00000000af2a1d93 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x112fc7\n flags: 0x17ffffc0000000()\n raw: 0017ffffc0000000 0000000000000000 dead000000000122 0000000000000000\n raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000\n page dumped because: kasan: bad access detected\n\n addr ffff888112fc713c is located in stack of task handler2/1367 at offset 180 in frame:\n ovs_fragment+0x0/0x840 [openvswitch]\n\n this frame has 2 objects:\n [32, 144) \u0027ovs_dst\u0027\n [192, 424) \u0027ovs_rt\u0027\n\n Memory state around the buggy address:\n ffff888112fc7000: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n ffff888112fc7080: 00 f1 f1 f1 f1 00 00 00 00 00 00 00 00 00 00 00\n \u003effff888112fc7100: 00 00 00 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00\n ^\n ffff888112fc7180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n ffff888112fc7200: 00 00 00 00 00 00 f2 f2 f2 00 00 00 00 00 00 00\n\nfor IPv4 packets, ovs_fragment() uses a temporary struct dst_entry. Then,\nin the following call graph:\n\n ip_do_fragment()\n ip_skb_dst_mtu()\n ip_dst_mtu_maybe_forward()\n ip_mtu_locked()\n\nthe pointer to struct dst_entry is used as pointer to struct rtable: this\nturns the access to struct members like rt_mtu_locked into an OOB read in\nthe stack. Fix this changing the temporary variable used for IPv4 packets\nin ovs_fragment(), similarly to what is done for IPv6 few lines below."
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T11:56:35.692Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b1d7280f9ba1bfdbc3af5bdb82e51f014854f26f"
},
{
"url": "https://git.kernel.org/stable/c/23e17ec1a5eb53fe39cc34fa5592686d5acd0dac"
},
{
"url": "https://git.kernel.org/stable/c/5a52fa8ad45b5a593ed416adf326538638454ff1"
},
{
"url": "https://git.kernel.org/stable/c/df9e900de24637be41879e2c50afb713ec4e8b2e"
},
{
"url": "https://git.kernel.org/stable/c/490ad0a2390442d0a7b8c00972a83dbb09cab142"
},
{
"url": "https://git.kernel.org/stable/c/a1478374b0bda89b4277a8afd39208271faad4be"
},
{
"url": "https://git.kernel.org/stable/c/d841d3cf5297fde4ce6a41ff35451d0e82917f3e"
},
{
"url": "https://git.kernel.org/stable/c/b3502b04e84ac5349be95fc033c17bd701d2787a"
},
{
"url": "https://git.kernel.org/stable/c/7c0ea5930c1c211931819d83cfb157bff1539a4c"
}
],
"title": "openvswitch: fix stack OOB read while fragmenting IPv4 packets",
"x_generator": {
"engine": "bippy-9e1c9544281a"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-46955",
"datePublished": "2024-02-27T18:46:57.428Z",
"dateReserved": "2024-02-27T18:42:55.937Z",
"dateUpdated": "2024-11-04T11:56:35.692Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-46944
Vulnerability from cvelistv5
Published
2024-02-27 18:40
Modified
2024-11-04 11:56
Severity ?
EPSS score ?
Summary
media: staging/intel-ipu3: Fix memory leak in imu_fmt
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:43.052Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ff792ae52005c85a2d829c153e08d99a356e007d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/517f6f570566a863c2422b843c8b7d099474f6a9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/14d0e99c3ef6b0648535a31bf2eaabb4eff97b9e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/74ba0adb5e983503b18a96121d965cad34ac7ce3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3630901933afba1d16c462b04d569b7576339223"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-46944",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:01:47.986372Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:53.797Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/staging/media/ipu3/ipu3-v4l2.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ff792ae52005",
"status": "affected",
"version": "6d5f26f2e045",
"versionType": "git"
},
{
"lessThan": "517f6f570566",
"status": "affected",
"version": "6d5f26f2e045",
"versionType": "git"
},
{
"lessThan": "14d0e99c3ef6",
"status": "affected",
"version": "6d5f26f2e045",
"versionType": "git"
},
{
"lessThan": "74ba0adb5e98",
"status": "affected",
"version": "6d5f26f2e045",
"versionType": "git"
},
{
"lessThan": "3630901933af",
"status": "affected",
"version": "6d5f26f2e045",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/staging/media/ipu3/ipu3-v4l2.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.2"
},
{
"lessThan": "5.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.118",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.36",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.11.*",
"status": "unaffected",
"version": "5.11.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: staging/intel-ipu3: Fix memory leak in imu_fmt\n\nWe are losing the reference to an allocated memory if try. Change the\norder of the check to avoid that."
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T11:56:23.940Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ff792ae52005c85a2d829c153e08d99a356e007d"
},
{
"url": "https://git.kernel.org/stable/c/517f6f570566a863c2422b843c8b7d099474f6a9"
},
{
"url": "https://git.kernel.org/stable/c/14d0e99c3ef6b0648535a31bf2eaabb4eff97b9e"
},
{
"url": "https://git.kernel.org/stable/c/74ba0adb5e983503b18a96121d965cad34ac7ce3"
},
{
"url": "https://git.kernel.org/stable/c/3630901933afba1d16c462b04d569b7576339223"
}
],
"title": "media: staging/intel-ipu3: Fix memory leak in imu_fmt",
"x_generator": {
"engine": "bippy-9e1c9544281a"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-46944",
"datePublished": "2024-02-27T18:40:30.494Z",
"dateReserved": "2024-02-25T13:45:52.721Z",
"dateUpdated": "2024-11-04T11:56:23.940Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-46961
Vulnerability from cvelistv5
Published
2024-02-27 18:47
Modified
2024-11-04 11:56
Severity ?
EPSS score ?
Summary
irqchip/gic-v3: Do not enable irqs when handling spurious interrups
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-46961",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-28T18:42:57.303653Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:13:07.340Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.893Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e7ea8e46e3b777be26aa855fe07778c415f24926"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7be4db5c2b59fa77071c93ca4329876fb9777202"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ea817ac1014c04f47885532b55f5d0898deadfba"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3f72d3709f53af72835af7dc8b15ba61611a0e36"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a97709f563a078e259bf0861cd259aa60332890a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/irqchip/irq-gic-v3.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e7ea8e46e3b7",
"status": "affected",
"version": "3f1f3234bc2d",
"versionType": "git"
},
{
"lessThan": "7be4db5c2b59",
"status": "affected",
"version": "3f1f3234bc2d",
"versionType": "git"
},
{
"lessThan": "ea817ac1014c",
"status": "affected",
"version": "3f1f3234bc2d",
"versionType": "git"
},
{
"lessThan": "3f72d3709f53",
"status": "affected",
"version": "3f1f3234bc2d",
"versionType": "git"
},
{
"lessThan": "a97709f563a0",
"status": "affected",
"version": "3f1f3234bc2d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/irqchip/irq-gic-v3.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"lessThan": "5.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.118",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.36",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.11.*",
"status": "unaffected",
"version": "5.11.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/gic-v3: Do not enable irqs when handling spurious interrups\n\nWe triggered the following error while running our 4.19 kernel\nwith the pseudo-NMI patches backported to it:\n\n[ 14.816231] ------------[ cut here ]------------\n[ 14.816231] kernel BUG at irq.c:99!\n[ 14.816232] Internal error: Oops - BUG: 0 [#1] SMP\n[ 14.816232] Process swapper/0 (pid: 0, stack limit = 0x(____ptrval____))\n[ 14.816233] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G O 4.19.95.aarch64 #14\n[ 14.816233] Hardware name: evb (DT)\n[ 14.816234] pstate: 80400085 (Nzcv daIf +PAN -UAO)\n[ 14.816234] pc : asm_nmi_enter+0x94/0x98\n[ 14.816235] lr : asm_nmi_enter+0x18/0x98\n[ 14.816235] sp : ffff000008003c50\n[ 14.816235] pmr_save: 00000070\n[ 14.816237] x29: ffff000008003c50 x28: ffff0000095f56c0\n[ 14.816238] x27: 0000000000000000 x26: ffff000008004000\n[ 14.816239] x25: 00000000015e0000 x24: ffff8008fb916000\n[ 14.816240] x23: 0000000020400005 x22: ffff0000080817cc\n[ 14.816241] x21: ffff000008003da0 x20: 0000000000000060\n[ 14.816242] x19: 00000000000003ff x18: ffffffffffffffff\n[ 14.816243] x17: 0000000000000008 x16: 003d090000000000\n[ 14.816244] x15: ffff0000095ea6c8 x14: ffff8008fff5ab40\n[ 14.816244] x13: ffff8008fff58b9d x12: 0000000000000000\n[ 14.816245] x11: ffff000008c8a200 x10: 000000008e31fca5\n[ 14.816246] x9 : ffff000008c8a208 x8 : 000000000000000f\n[ 14.816247] x7 : 0000000000000004 x6 : ffff8008fff58b9e\n[ 14.816248] x5 : 0000000000000000 x4 : 0000000080000000\n[ 14.816249] x3 : 0000000000000000 x2 : 0000000080000000\n[ 14.816250] x1 : 0000000000120000 x0 : ffff0000095f56c0\n[ 14.816251] Call trace:\n[ 14.816251] asm_nmi_enter+0x94/0x98\n[ 14.816251] el1_irq+0x8c/0x180 (IRQ C)\n[ 14.816252] gic_handle_irq+0xbc/0x2e4\n[ 14.816252] el1_irq+0xcc/0x180 (IRQ B)\n[ 14.816253] arch_timer_handler_virt+0x38/0x58\n[ 14.816253] handle_percpu_devid_irq+0x90/0x240\n[ 14.816253] generic_handle_irq+0x34/0x50\n[ 14.816254] __handle_domain_irq+0x68/0xc0\n[ 14.816254] gic_handle_irq+0xf8/0x2e4\n[ 14.816255] el1_irq+0xcc/0x180 (IRQ A)\n[ 14.816255] arch_cpu_idle+0x34/0x1c8\n[ 14.816255] default_idle_call+0x24/0x44\n[ 14.816256] do_idle+0x1d0/0x2c8\n[ 14.816256] cpu_startup_entry+0x28/0x30\n[ 14.816256] rest_init+0xb8/0xc8\n[ 14.816257] start_kernel+0x4c8/0x4f4\n[ 14.816257] Code: 940587f1 d5384100 b9401001 36a7fd01 (d4210000)\n[ 14.816258] Modules linked in: start_dp(O) smeth(O)\n[ 15.103092] ---[ end trace 701753956cb14aa8 ]---\n[ 15.103093] Kernel panic - not syncing: Fatal exception in interrupt\n[ 15.103099] SMP: stopping secondary CPUs\n[ 15.103100] Kernel Offset: disabled\n[ 15.103100] CPU features: 0x36,a2400218\n[ 15.103100] Memory Limit: none\n\nwhich is cause by a \u0027BUG_ON(in_nmi())\u0027 in nmi_enter().\n\nFrom the call trace, we can find three interrupts (noted A, B, C above):\ninterrupt (A) is preempted by (B), which is further interrupted by (C).\n\nSubsequent investigations show that (B) results in nmi_enter() being\ncalled, but that it actually is a spurious interrupt. Furthermore,\ninterrupts are reenabled in the context of (B), and (C) fires with\nNMI priority. We end-up with a nested NMI situation, something\nwe definitely do not want to (and cannot) handle.\n\nThe bug here is that spurious interrupts should never result in any\nstate change, and we should just return to the interrupted context.\nMoving the handling of spurious interrupts as early as possible in\nthe GICv3 handler fixes this issue.\n\n[maz: rewrote commit message, corrected Fixes: tag]"
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T11:56:42.764Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e7ea8e46e3b777be26aa855fe07778c415f24926"
},
{
"url": "https://git.kernel.org/stable/c/7be4db5c2b59fa77071c93ca4329876fb9777202"
},
{
"url": "https://git.kernel.org/stable/c/ea817ac1014c04f47885532b55f5d0898deadfba"
},
{
"url": "https://git.kernel.org/stable/c/3f72d3709f53af72835af7dc8b15ba61611a0e36"
},
{
"url": "https://git.kernel.org/stable/c/a97709f563a078e259bf0861cd259aa60332890a"
}
],
"title": "irqchip/gic-v3: Do not enable irqs when handling spurious interrups",
"x_generator": {
"engine": "bippy-9e1c9544281a"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-46961",
"datePublished": "2024-02-27T18:47:00.560Z",
"dateReserved": "2024-02-27T18:42:55.942Z",
"dateUpdated": "2024-11-04T11:56:42.764Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-46969
Vulnerability from cvelistv5
Published
2024-02-27 18:47
Modified
2024-11-04 11:56
Severity ?
EPSS score ?
Summary
bus: mhi: core: Fix invalid error returning in mhi_queue
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.873Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a99b661c3187365f81026d89b1133a76cd2652b3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0ecc1c70dcd32c0f081b173a1a5d89952686f271"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-46969",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:01:28.491057Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:45.299Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/bus/mhi/core/main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a99b661c3187",
"status": "affected",
"version": "a8f75cb348fd",
"versionType": "git"
},
{
"lessThan": "0ecc1c70dcd3",
"status": "affected",
"version": "a8f75cb348fd",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/bus/mhi/core/main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.12"
},
{
"lessThan": "5.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: mhi: core: Fix invalid error returning in mhi_queue\n\nmhi_queue returns an error when the doorbell is not accessible in\nthe current state. This can happen when the device is in non M0\nstate, like M3, and needs to be waken-up prior ringing the DB. This\ncase is managed earlier by triggering an asynchronous M3 exit via\ncontroller resume/suspend callbacks, that in turn will cause M0\ntransition and DB update.\n\nSo, since it\u0027s not an error but just delaying of doorbell update, there\nis no reason to return an error.\n\nThis also fixes a use after free error for skb case, indeed a caller\nqueuing skb will try to free the skb if the queueing fails, but in\nthat case queueing has been done."
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T11:56:52.224Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a99b661c3187365f81026d89b1133a76cd2652b3"
},
{
"url": "https://git.kernel.org/stable/c/0ecc1c70dcd32c0f081b173a1a5d89952686f271"
}
],
"title": "bus: mhi: core: Fix invalid error returning in mhi_queue",
"x_generator": {
"engine": "bippy-9e1c9544281a"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-46969",
"datePublished": "2024-02-27T18:47:05.463Z",
"dateReserved": "2024-02-27T18:42:55.943Z",
"dateUpdated": "2024-11-04T11:56:52.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-46943
Vulnerability from cvelistv5
Published
2024-02-27 18:40
Modified
2024-11-04 11:56
Severity ?
EPSS score ?
Summary
media: staging/intel-ipu3: Fix set_fmt error handling
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-46943",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-27T19:34:55.283543Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:04.382Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.870Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a03fb1e8a110658215a4cefc3e2ad53279e496a6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c6b81b897f6f9445d57f8d47c4e060ec21556137"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/34892ea938387d83ffcfb7775ec55f0f80767916"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6fb617e37a39db0a3eca4489431359d0bdf3b9bc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ad91849996f9dd79741a961fd03585a683b08356"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/staging/media/ipu3/ipu3-v4l2.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a03fb1e8a110",
"status": "affected",
"version": "6d5f26f2e045",
"versionType": "git"
},
{
"lessThan": "c6b81b897f6f",
"status": "affected",
"version": "6d5f26f2e045",
"versionType": "git"
},
{
"lessThan": "34892ea93838",
"status": "affected",
"version": "6d5f26f2e045",
"versionType": "git"
},
{
"lessThan": "6fb617e37a39",
"status": "affected",
"version": "6d5f26f2e045",
"versionType": "git"
},
{
"lessThan": "ad91849996f9",
"status": "affected",
"version": "6d5f26f2e045",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/staging/media/ipu3/ipu3-v4l2.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.2"
},
{
"lessThan": "5.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.118",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.36",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.11.*",
"status": "unaffected",
"version": "5.11.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: staging/intel-ipu3: Fix set_fmt error handling\n\nIf there in an error during a set_fmt, do not overwrite the previous\nsizes with the invalid config.\n\nWithout this patch, v4l2-compliance ends up allocating 4GiB of RAM and\ncausing the following OOPs\n\n[ 38.662975] ipu3-imgu 0000:00:05.0: swiotlb buffer is full (sz: 4096 bytes)\n[ 38.662980] DMA: Out of SW-IOMMU space for 4096 bytes at device 0000:00:05.0\n[ 38.663010] general protection fault: 0000 [#1] PREEMPT SMP"
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T11:56:22.770Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a03fb1e8a110658215a4cefc3e2ad53279e496a6"
},
{
"url": "https://git.kernel.org/stable/c/c6b81b897f6f9445d57f8d47c4e060ec21556137"
},
{
"url": "https://git.kernel.org/stable/c/34892ea938387d83ffcfb7775ec55f0f80767916"
},
{
"url": "https://git.kernel.org/stable/c/6fb617e37a39db0a3eca4489431359d0bdf3b9bc"
},
{
"url": "https://git.kernel.org/stable/c/ad91849996f9dd79741a961fd03585a683b08356"
}
],
"title": "media: staging/intel-ipu3: Fix set_fmt error handling",
"x_generator": {
"engine": "bippy-9e1c9544281a"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-46943",
"datePublished": "2024-02-27T18:40:29.903Z",
"dateReserved": "2024-02-25T13:45:52.721Z",
"dateUpdated": "2024-11-04T11:56:22.770Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-46970
Vulnerability from cvelistv5
Published
2024-02-27 18:47
Modified
2024-11-04 11:56
Severity ?
EPSS score ?
Summary
bus: mhi: pci_generic: Remove WQ_MEM_RECLAIM flag from state workqueue
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-46970",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-05T22:31:16.861503Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:13:05.954Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.997Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/abd1510c08a13c88d24b622a83c82e87ff1d3135"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ed541cff35cbdb695f0c98ef506dd7218883fc07"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0fccbf0a3b690b162f53b13ed8bc442ea33437dc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/bus/mhi/core/init.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "abd1510c08a1",
"status": "affected",
"version": "8f7039787687",
"versionType": "git"
},
{
"lessThan": "ed541cff35cb",
"status": "affected",
"version": "8f7039787687",
"versionType": "git"
},
{
"lessThan": "0fccbf0a3b69",
"status": "affected",
"version": "8f7039787687",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/bus/mhi/core/init.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.11"
},
{
"lessThan": "5.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.11.*",
"status": "unaffected",
"version": "5.11.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: mhi: pci_generic: Remove WQ_MEM_RECLAIM flag from state workqueue\n\nA recent change created a dedicated workqueue for the state-change work\nwith WQ_HIGHPRI (no strong reason for that) and WQ_MEM_RECLAIM flags,\nbut the state-change work (mhi_pm_st_worker) does not guarantee forward\nprogress under memory pressure, and will even wait on various memory\nallocations when e.g. creating devices, loading firmware, etc... The\nwork is then not part of a memory reclaim path...\n\nMoreover, this causes a warning in check_flush_dependency() since we end\nup in code that flushes a non-reclaim workqueue:\n\n[ 40.969601] workqueue: WQ_MEM_RECLAIM mhi_hiprio_wq:mhi_pm_st_worker [mhi] is flushing !WQ_MEM_RECLAIM events_highpri:flush_backlog\n[ 40.969612] WARNING: CPU: 4 PID: 158 at kernel/workqueue.c:2607 check_flush_dependency+0x11c/0x140\n[ 40.969733] Call Trace:\n[ 40.969740] __flush_work+0x97/0x1d0\n[ 40.969745] ? wake_up_process+0x15/0x20\n[ 40.969749] ? insert_work+0x70/0x80\n[ 40.969750] ? __queue_work+0x14a/0x3e0\n[ 40.969753] flush_work+0x10/0x20\n[ 40.969756] rollback_registered_many+0x1c9/0x510\n[ 40.969759] unregister_netdevice_queue+0x94/0x120\n[ 40.969761] unregister_netdev+0x1d/0x30\n[ 40.969765] mhi_net_remove+0x1a/0x40 [mhi_net]\n[ 40.969770] mhi_driver_remove+0x124/0x250 [mhi]\n[ 40.969776] device_release_driver_internal+0xf0/0x1d0\n[ 40.969778] device_release_driver+0x12/0x20\n[ 40.969782] bus_remove_device+0xe1/0x150\n[ 40.969786] device_del+0x17b/0x3e0\n[ 40.969791] mhi_destroy_device+0x9a/0x100 [mhi]\n[ 40.969796] ? mhi_unmap_single_use_bb+0x50/0x50 [mhi]\n[ 40.969799] device_for_each_child+0x5e/0xa0\n[ 40.969804] mhi_pm_st_worker+0x921/0xf50 [mhi]"
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T11:56:53.396Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/abd1510c08a13c88d24b622a83c82e87ff1d3135"
},
{
"url": "https://git.kernel.org/stable/c/ed541cff35cbdb695f0c98ef506dd7218883fc07"
},
{
"url": "https://git.kernel.org/stable/c/0fccbf0a3b690b162f53b13ed8bc442ea33437dc"
}
],
"title": "bus: mhi: pci_generic: Remove WQ_MEM_RECLAIM flag from state workqueue",
"x_generator": {
"engine": "bippy-9e1c9544281a"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-46970",
"datePublished": "2024-02-27T18:47:06.071Z",
"dateReserved": "2024-02-27T18:42:55.943Z",
"dateUpdated": "2024-11-04T11:56:53.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-46968
Vulnerability from cvelistv5
Published
2024-02-27 18:47
Modified
2024-11-04 11:56
Severity ?
EPSS score ?
Summary
s390/zcrypt: fix zcard and zqueue hot-unplug memleak
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.992Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/026499a9c2e002e621ad568d1378324ae97e5524"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/055a063a18bcd19b93709e3eac8078d6b2f04599"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/971dc8706cee47393d393905d294ea47e39503d3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/70fac8088cfad9f3b379c9082832b4d7532c16c2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-46968",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:01:31.707354Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:46.536Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/s390/crypto/zcrypt_card.c",
"drivers/s390/crypto/zcrypt_queue.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "026499a9c2e0",
"status": "affected",
"version": "29c2680fd2bf",
"versionType": "git"
},
{
"lessThan": "055a063a18bc",
"status": "affected",
"version": "29c2680fd2bf",
"versionType": "git"
},
{
"lessThan": "971dc8706cee",
"status": "affected",
"version": "29c2680fd2bf",
"versionType": "git"
},
{
"lessThan": "70fac8088cfa",
"status": "affected",
"version": "29c2680fd2bf",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/s390/crypto/zcrypt_card.c",
"drivers/s390/crypto/zcrypt_queue.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.10"
},
{
"lessThan": "5.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.36",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.11.*",
"status": "unaffected",
"version": "5.11.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/zcrypt: fix zcard and zqueue hot-unplug memleak\n\nTests with kvm and a kmemdebug kernel showed, that on hot unplug the\nzcard and zqueue structs for the unplugged card or queue are not\nproperly freed because of a mismatch with get/put for the embedded\nkref counter.\n\nThis fix now adjusts the handling of the kref counters. With init the\nkref counter starts with 1. This initial value needs to drop to zero\nwith the unregister of the card or queue to trigger the release and\nfree the object."
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T11:56:51.100Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/026499a9c2e002e621ad568d1378324ae97e5524"
},
{
"url": "https://git.kernel.org/stable/c/055a063a18bcd19b93709e3eac8078d6b2f04599"
},
{
"url": "https://git.kernel.org/stable/c/971dc8706cee47393d393905d294ea47e39503d3"
},
{
"url": "https://git.kernel.org/stable/c/70fac8088cfad9f3b379c9082832b4d7532c16c2"
}
],
"title": "s390/zcrypt: fix zcard and zqueue hot-unplug memleak",
"x_generator": {
"engine": "bippy-9e1c9544281a"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-46968",
"datePublished": "2024-02-27T18:47:04.856Z",
"dateReserved": "2024-02-27T18:42:55.943Z",
"dateUpdated": "2024-11-04T11:56:51.100Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-46967
Vulnerability from cvelistv5
Published
2024-02-27 18:47
Modified
2024-11-04 11:56
Severity ?
EPSS score ?
Summary
vhost-vdpa: fix vm_flags for virtqueue doorbell mapping
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-46967",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-27T19:32:37.039372Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:13:04.232Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:43.025Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3b8b6399666a29daa30b0bb3f5c9e3fc81c5a6a6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/940230a5c31e2714722aee04c521a21f484b4df7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/93dbbf20e3ffad14f04227a0b7105f6e6f0387ce"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3a3e0fad16d40a2aa68ddf7eea4acdf48b22dd44"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/vhost/vdpa.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3b8b6399666a",
"status": "affected",
"version": "ddd89d0a059d",
"versionType": "git"
},
{
"lessThan": "940230a5c31e",
"status": "affected",
"version": "ddd89d0a059d",
"versionType": "git"
},
{
"lessThan": "93dbbf20e3ff",
"status": "affected",
"version": "ddd89d0a059d",
"versionType": "git"
},
{
"lessThan": "3a3e0fad16d4",
"status": "affected",
"version": "ddd89d0a059d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/vhost/vdpa.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.8"
},
{
"lessThan": "5.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.36",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.11.*",
"status": "unaffected",
"version": "5.11.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvhost-vdpa: fix vm_flags for virtqueue doorbell mapping\n\nThe virtqueue doorbell is usually implemented via registeres but we\ndon\u0027t provide the necessary vma-\u003eflags like VM_PFNMAP. This may cause\nseveral issues e.g when userspace tries to map the doorbell via vhost\nIOTLB, kernel may panic due to the page is not backed by page\nstructure. This patch fixes this by setting the necessary\nvm_flags. With this patch, try to map doorbell via IOTLB will fail\nwith bad address."
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T11:56:49.945Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3b8b6399666a29daa30b0bb3f5c9e3fc81c5a6a6"
},
{
"url": "https://git.kernel.org/stable/c/940230a5c31e2714722aee04c521a21f484b4df7"
},
{
"url": "https://git.kernel.org/stable/c/93dbbf20e3ffad14f04227a0b7105f6e6f0387ce"
},
{
"url": "https://git.kernel.org/stable/c/3a3e0fad16d40a2aa68ddf7eea4acdf48b22dd44"
}
],
"title": "vhost-vdpa: fix vm_flags for virtqueue doorbell mapping",
"x_generator": {
"engine": "bippy-9e1c9544281a"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-46967",
"datePublished": "2024-02-27T18:47:04.253Z",
"dateReserved": "2024-02-27T18:42:55.943Z",
"dateUpdated": "2024-11-04T11:56:49.945Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-46963
Vulnerability from cvelistv5
Published
2024-02-27 18:47
Modified
2024-11-04 11:56
Severity ?
EPSS score ?
Summary
scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand()
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-46963",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-27T20:13:28.391773Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:22:03.103Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.900Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c5ab9b67d8b061de74e2ca51bf787ee599bd7f89"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/77509a238547863040a42d57c72403f7d4c89a8f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/702cdaa2c6283c135ef16d52e0e4e3c1005aa538"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/80ef24175df2cba3860d0369d1c662b49ee2de56"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a73208e3244127ef9f2cdf24e4adb947aaa32053"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6641df81ab799f28a5d564f860233dd26cca0d93"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/qla2xxx/qla_os.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c5ab9b67d8b0",
"status": "affected",
"version": "64a8c5018a4b",
"versionType": "git"
},
{
"lessThan": "77509a238547",
"status": "affected",
"version": "dea6ee717303",
"versionType": "git"
},
{
"lessThan": "702cdaa2c628",
"status": "affected",
"version": "af2a0c51b120",
"versionType": "git"
},
{
"lessThan": "80ef24175df2",
"status": "affected",
"version": "af2a0c51b120",
"versionType": "git"
},
{
"lessThan": "a73208e32441",
"status": "affected",
"version": "af2a0c51b120",
"versionType": "git"
},
{
"lessThan": "6641df81ab79",
"status": "affected",
"version": "af2a0c51b120",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/qla2xxx/qla_os.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"lessThan": "5.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.191",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.118",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.36",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.11.*",
"status": "unaffected",
"version": "5.11.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand()\n\n RIP: 0010:kmem_cache_free+0xfa/0x1b0\n Call Trace:\n qla2xxx_mqueuecommand+0x2b5/0x2c0 [qla2xxx]\n scsi_queue_rq+0x5e2/0xa40\n __blk_mq_try_issue_directly+0x128/0x1d0\n blk_mq_request_issue_directly+0x4e/0xb0\n\nFix incorrect call to free srb in qla2xxx_mqueuecommand(), as srb is now\nallocated by upper layers. This fixes smatch warning of srb unintended\nfree."
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T11:56:45.244Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c5ab9b67d8b061de74e2ca51bf787ee599bd7f89"
},
{
"url": "https://git.kernel.org/stable/c/77509a238547863040a42d57c72403f7d4c89a8f"
},
{
"url": "https://git.kernel.org/stable/c/702cdaa2c6283c135ef16d52e0e4e3c1005aa538"
},
{
"url": "https://git.kernel.org/stable/c/80ef24175df2cba3860d0369d1c662b49ee2de56"
},
{
"url": "https://git.kernel.org/stable/c/a73208e3244127ef9f2cdf24e4adb947aaa32053"
},
{
"url": "https://git.kernel.org/stable/c/6641df81ab799f28a5d564f860233dd26cca0d93"
}
],
"title": "scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand()",
"x_generator": {
"engine": "bippy-9e1c9544281a"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-46963",
"datePublished": "2024-02-27T18:47:01.783Z",
"dateReserved": "2024-02-27T18:42:55.942Z",
"dateUpdated": "2024-11-04T11:56:45.244Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-46957
Vulnerability from cvelistv5
Published
2024-02-27 18:46
Modified
2024-11-04 11:56
Severity ?
EPSS score ?
Summary
riscv/kprobe: fix kernel panic when invoking sys_read traced by kprobe
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-46957",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-28T19:51:51.883818Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-01T14:30:14.111Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:43.012Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fd0f06590d35c99f98d12c7984897ec4201a6263"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b1ebaa0e1318494a7637099a26add50509e37964"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/riscv/kernel/probes/kprobes.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fd0f06590d35",
"status": "affected",
"version": "c22b0bcb1dd0",
"versionType": "git"
},
{
"lessThan": "b1ebaa0e1318",
"status": "affected",
"version": "c22b0bcb1dd0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/riscv/kernel/probes/kprobes.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.12"
},
{
"lessThan": "5.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv/kprobe: fix kernel panic when invoking sys_read traced by kprobe\n\nThe execution of sys_read end up hitting a BUG_ON() in __find_get_block\nafter installing kprobe at sys_read, the BUG message like the following:\n\n[ 65.708663] ------------[ cut here ]------------\n[ 65.709987] kernel BUG at fs/buffer.c:1251!\n[ 65.711283] Kernel BUG [#1]\n[ 65.712032] Modules linked in:\n[ 65.712925] CPU: 0 PID: 51 Comm: sh Not tainted 5.12.0-rc4 #1\n[ 65.714407] Hardware name: riscv-virtio,qemu (DT)\n[ 65.715696] epc : __find_get_block+0x218/0x2c8\n[ 65.716835] ra : __getblk_gfp+0x1c/0x4a\n[ 65.717831] epc : ffffffe00019f11e ra : ffffffe00019f56a sp : ffffffe002437930\n[ 65.719553] gp : ffffffe000f06030 tp : ffffffe0015abc00 t0 : ffffffe00191e038\n[ 65.721290] t1 : ffffffe00191e038 t2 : 000000000000000a s0 : ffffffe002437960\n[ 65.723051] s1 : ffffffe00160ad00 a0 : ffffffe00160ad00 a1 : 000000000000012a\n[ 65.724772] a2 : 0000000000000400 a3 : 0000000000000008 a4 : 0000000000000040\n[ 65.726545] a5 : 0000000000000000 a6 : ffffffe00191e000 a7 : 0000000000000000\n[ 65.728308] s2 : 000000000000012a s3 : 0000000000000400 s4 : 0000000000000008\n[ 65.730049] s5 : 000000000000006c s6 : ffffffe00240f800 s7 : ffffffe000f080a8\n[ 65.731802] s8 : 0000000000000001 s9 : 000000000000012a s10: 0000000000000008\n[ 65.733516] s11: 0000000000000008 t3 : 00000000000003ff t4 : 000000000000000f\n[ 65.734434] t5 : 00000000000003ff t6 : 0000000000040000\n[ 65.734613] status: 0000000000000100 badaddr: 0000000000000000 cause: 0000000000000003\n[ 65.734901] Call Trace:\n[ 65.735076] [\u003cffffffe00019f11e\u003e] __find_get_block+0x218/0x2c8\n[ 65.735417] [\u003cffffffe00020017a\u003e] __ext4_get_inode_loc+0xb2/0x2f6\n[ 65.735618] [\u003cffffffe000201b6c\u003e] ext4_get_inode_loc+0x3a/0x8a\n[ 65.735802] [\u003cffffffe000203380\u003e] ext4_reserve_inode_write+0x2e/0x8c\n[ 65.735999] [\u003cffffffe00020357a\u003e] __ext4_mark_inode_dirty+0x4c/0x18e\n[ 65.736208] [\u003cffffffe000206bb0\u003e] ext4_dirty_inode+0x46/0x66\n[ 65.736387] [\u003cffffffe000192914\u003e] __mark_inode_dirty+0x12c/0x3da\n[ 65.736576] [\u003cffffffe000180dd2\u003e] touch_atime+0x146/0x150\n[ 65.736748] [\u003cffffffe00010d762\u003e] filemap_read+0x234/0x246\n[ 65.736920] [\u003cffffffe00010d834\u003e] generic_file_read_iter+0xc0/0x114\n[ 65.737114] [\u003cffffffe0001f5d7a\u003e] ext4_file_read_iter+0x42/0xea\n[ 65.737310] [\u003cffffffe000163f2c\u003e] new_sync_read+0xe2/0x15a\n[ 65.737483] [\u003cffffffe000165814\u003e] vfs_read+0xca/0xf2\n[ 65.737641] [\u003cffffffe000165bae\u003e] ksys_read+0x5e/0xc8\n[ 65.737816] [\u003cffffffe000165c26\u003e] sys_read+0xe/0x16\n[ 65.737973] [\u003cffffffe000003972\u003e] ret_from_syscall+0x0/0x2\n[ 65.738858] ---[ end trace fe93f985456c935d ]---\n\nA simple reproducer looks like:\n\techo \u0027p:myprobe sys_read fd=%a0 buf=%a1 count=%a2\u0027 \u003e /sys/kernel/debug/tracing/kprobe_events\n\techo 1 \u003e /sys/kernel/debug/tracing/events/kprobes/myprobe/enable\n\tcat /sys/kernel/debug/tracing/trace\n\nHere\u0027s what happens to hit that BUG_ON():\n\n1) After installing kprobe at entry of sys_read, the first instruction\n is replaced by \u0027ebreak\u0027 instruction on riscv64 platform.\n\n2) Once kernel reach the \u0027ebreak\u0027 instruction at the entry of sys_read,\n it trap into the riscv breakpoint handler, where it do something to\n setup for coming single-step of origin instruction, including backup\n the \u0027sstatus\u0027 in pt_regs, followed by disable interrupt during single\n stepping via clear \u0027SIE\u0027 bit of \u0027sstatus\u0027 in pt_regs.\n\n3) Then kernel restore to the instruction slot contains two instructions,\n one is original instruction at entry of sys_read, the other is \u0027ebreak\u0027.\n Here it trigger a \u0027Instruction page fault\u0027 exception (value at \u0027scause\u0027\n is \u00270xc\u0027), if PF is not filled into PageTabe for that slot yet.\n\n4) Again kernel trap into page fault exception handler, where it choose\n different policy according to the state of running kprobe. Because\n afte 2) the state is KPROBE_HIT_SS, so kernel reset the current kp\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T11:56:38.095Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fd0f06590d35c99f98d12c7984897ec4201a6263"
},
{
"url": "https://git.kernel.org/stable/c/b1ebaa0e1318494a7637099a26add50509e37964"
}
],
"title": "riscv/kprobe: fix kernel panic when invoking sys_read traced by kprobe",
"x_generator": {
"engine": "bippy-9e1c9544281a"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-46957",
"datePublished": "2024-02-27T18:46:58.701Z",
"dateReserved": "2024-02-27T18:42:55.937Z",
"dateUpdated": "2024-11-04T11:56:38.095Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-46960
Vulnerability from cvelistv5
Published
2024-02-27 18:46
Modified
2024-11-04 11:56
Severity ?
EPSS score ?
Summary
cifs: Return correct error code from smb2_get_enc_key
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.896Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e94851629c49c65b4fbb29a5725ddfd7988f8f20"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e486f8397f3f14a7cadc166138141fdb14379a54"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/93f3339b22ba17e66f0808737467b70ba087eaec"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aaa0faa5c28a91c362352d6b35dc3ed10df56fb0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f59a9242942fef0de7b926e438ba4eae65d4b4dd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b399c1a3ea0b9d10047ff266d65533df7f15532f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/83728cbf366e334301091d5b808add468ab46b27"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-46960",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:01:38.257820Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:48.204Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/cifs/smb2ops.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e94851629c49",
"status": "affected",
"version": "61cfac6f267d",
"versionType": "git"
},
{
"lessThan": "e486f8397f3f",
"status": "affected",
"version": "61cfac6f267d",
"versionType": "git"
},
{
"lessThan": "93f3339b22ba",
"status": "affected",
"version": "61cfac6f267d",
"versionType": "git"
},
{
"lessThan": "aaa0faa5c28a",
"status": "affected",
"version": "61cfac6f267d",
"versionType": "git"
},
{
"lessThan": "f59a9242942f",
"status": "affected",
"version": "61cfac6f267d",
"versionType": "git"
},
{
"lessThan": "b399c1a3ea0b",
"status": "affected",
"version": "61cfac6f267d",
"versionType": "git"
},
{
"lessThan": "83728cbf366e",
"status": "affected",
"version": "61cfac6f267d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/cifs/smb2ops.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.11"
},
{
"lessThan": "4.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.233",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.191",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.118",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.36",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.11.*",
"status": "unaffected",
"version": "5.11.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Return correct error code from smb2_get_enc_key\n\nAvoid a warning if the error percolates back up:\n\n[440700.376476] CIFS VFS: \\\\otters.example.com crypt_message: Could not get encryption key\n[440700.386947] ------------[ cut here ]------------\n[440700.386948] err = 1\n[440700.386977] WARNING: CPU: 11 PID: 2733 at /build/linux-hwe-5.4-p6lk6L/linux-hwe-5.4-5.4.0/lib/errseq.c:74 errseq_set+0x5c/0x70\n...\n[440700.397304] CPU: 11 PID: 2733 Comm: tar Tainted: G OE 5.4.0-70-generic #78~18.04.1-Ubuntu\n...\n[440700.397334] Call Trace:\n[440700.397346] __filemap_set_wb_err+0x1a/0x70\n[440700.397419] cifs_writepages+0x9c7/0xb30 [cifs]\n[440700.397426] do_writepages+0x4b/0xe0\n[440700.397444] __filemap_fdatawrite_range+0xcb/0x100\n[440700.397455] filemap_write_and_wait+0x42/0xa0\n[440700.397486] cifs_setattr+0x68b/0xf30 [cifs]\n[440700.397493] notify_change+0x358/0x4a0\n[440700.397500] utimes_common+0xe9/0x1c0\n[440700.397510] do_utimes+0xc5/0x150\n[440700.397520] __x64_sys_utimensat+0x88/0xd0"
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T11:56:41.653Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e94851629c49c65b4fbb29a5725ddfd7988f8f20"
},
{
"url": "https://git.kernel.org/stable/c/e486f8397f3f14a7cadc166138141fdb14379a54"
},
{
"url": "https://git.kernel.org/stable/c/93f3339b22ba17e66f0808737467b70ba087eaec"
},
{
"url": "https://git.kernel.org/stable/c/aaa0faa5c28a91c362352d6b35dc3ed10df56fb0"
},
{
"url": "https://git.kernel.org/stable/c/f59a9242942fef0de7b926e438ba4eae65d4b4dd"
},
{
"url": "https://git.kernel.org/stable/c/b399c1a3ea0b9d10047ff266d65533df7f15532f"
},
{
"url": "https://git.kernel.org/stable/c/83728cbf366e334301091d5b808add468ab46b27"
}
],
"title": "cifs: Return correct error code from smb2_get_enc_key",
"x_generator": {
"engine": "bippy-9e1c9544281a"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-46960",
"datePublished": "2024-02-27T18:46:59.919Z",
"dateReserved": "2024-02-27T18:42:55.941Z",
"dateUpdated": "2024-11-04T11:56:41.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.