CVE-2021-46920

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix clobbering of SWERR overflow bit on writeback Current code blindly writes over the SWERR and the OVERFLOW bits. Write back the bits actually read instead so the driver avoids clobbering the OVERFLOW bit that comes after the register is read.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/02981a44a0e402089775416371bd2e0c935685f8	Patch
https://git.kernel.org/stable/c/a5ad12d5d69c63af289a37f05187a0c6fe93553d	Patch
https://git.kernel.org/stable/c/ea941ac294d75d0ace50797aebf0056f6f8f7a7f	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

10 Apr 2024, 14:52

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/02981a44a0e402089775416371bd2e0c935685f8 -~~	() https://git.kernel.org/stable/c/02981a44a0e402089775416371bd2e0c935685f8 - Patch
References	~~() https://git.kernel.org/stable/c/a5ad12d5d69c63af289a37f05187a0c6fe93553d -~~	() https://git.kernel.org/stable/c/a5ad12d5d69c63af289a37f05187a0c6fe93553d - Patch
References	~~() https://git.kernel.org/stable/c/ea941ac294d75d0ace50797aebf0056f6f8f7a7f -~~	() https://git.kernel.org/stable/c/ea941ac294d75d0ace50797aebf0056f6f8f7a7f - Patch
CWE		NVD-CWE-noinfo
CPE		cpe:2.3:o:linux:linux_kernel::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
First Time		Linux Linux linux Kernel

27 Feb 2024, 14:20

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-02-27 07:15

Updated : 2024-04-10 14:52

NVD link : CVE-2021-46920

Mitre link : CVE-2021-46920

CVE.ORG link : CVE-2021-46920

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

{"id": "CVE-2021-46920", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-02-27T07:15:08.987", "references": [{"url": "https://git.kernel.org/stable/c/02981a44a0e402089775416371bd2e0c935685f8", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/a5ad12d5d69c63af289a37f05187a0c6fe93553d", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/ea941ac294d75d0ace50797aebf0056f6f8f7a7f", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Fix clobbering of SWERR overflow bit on writeback\n\nCurrent code blindly writes over the SWERR and the OVERFLOW bits. Write\nback the bits actually read instead so the driver avoids clobbering the\nOVERFLOW bit that comes after the register is read."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dmaengine: idxd: corrige el problema del bit de desbordamiento SWERR en la reescritura El c\u00f3digo actual escribe ciegamente sobre los bits SWERR y OVERFLOW. En su lugar, vuelva a escribir los bits realmente le\u00eddos para que el controlador evite da\u00f1ar el bit OVERFLOW que viene despu\u00e9s de leer el registro."}], "lastModified": "2024-04-10T14:52:39.323", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10B30767-6251-4101-9C1B-5F61DBAFA43A", "versionEndExcluding": "5.10.32", "versionStartIncluding": "5.6.0"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C5242B9-B5BD-4578-AD66-69DF59D54A14", "versionEndExcluding": "5.11.16", "versionStartIncluding": "5.11.0"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}