Vulnerability-Lookup

CVE-2021-46970 (GCVE-0-2021-46970)

Vulnerability from cvelistv5 – Published: 2024-02-27 18:47 – Updated: 2026-05-11 13:45

Title

bus: mhi: pci_generic: Remove WQ_MEM_RECLAIM flag from state workqueue

Summary

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: pci_generic: Remove WQ_MEM_RECLAIM flag from state workqueue A recent change created a dedicated workqueue for the state-change work with WQ_HIGHPRI (no strong reason for that) and WQ_MEM_RECLAIM flags, but the state-change work (mhi_pm_st_worker) does not guarantee forward progress under memory pressure, and will even wait on various memory allocations when e.g. creating devices, loading firmware, etc... The work is then not part of a memory reclaim path... Moreover, this causes a warning in check_flush_dependency() since we end up in code that flushes a non-reclaim workqueue: [ 40.969601] workqueue: WQ_MEM_RECLAIM mhi_hiprio_wq:mhi_pm_st_worker [mhi] is flushing !WQ_MEM_RECLAIM events_highpri:flush_backlog [ 40.969612] WARNING: CPU: 4 PID: 158 at kernel/workqueue.c:2607 check_flush_dependency+0x11c/0x140 [ 40.969733] Call Trace: [ 40.969740] __flush_work+0x97/0x1d0 [ 40.969745] ? wake_up_process+0x15/0x20 [ 40.969749] ? insert_work+0x70/0x80 [ 40.969750] ? __queue_work+0x14a/0x3e0 [ 40.969753] flush_work+0x10/0x20 [ 40.969756] rollback_registered_many+0x1c9/0x510 [ 40.969759] unregister_netdevice_queue+0x94/0x120 [ 40.969761] unregister_netdev+0x1d/0x30 [ 40.969765] mhi_net_remove+0x1a/0x40 [mhi_net] [ 40.969770] mhi_driver_remove+0x124/0x250 [mhi] [ 40.969776] device_release_driver_internal+0xf0/0x1d0 [ 40.969778] device_release_driver+0x12/0x20 [ 40.969782] bus_remove_device+0xe1/0x150 [ 40.969786] device_del+0x17b/0x3e0 [ 40.969791] mhi_destroy_device+0x9a/0x100 [mhi] [ 40.969796] ? mhi_unmap_single_use_bb+0x50/0x50 [mhi] [ 40.969799] device_for_each_child+0x5e/0xa0 [ 40.969804] mhi_pm_st_worker+0x921/0xf50 [mhi]

Severity

No CVSS data available.

Assigner

Linux

References

3 references

URL	Tags
https://git.kernel.org/stable/c/abd1510c08a13c88d…
https://git.kernel.org/stable/c/ed541cff35cbdb695…
https://git.kernel.org/stable/c/0fccbf0a3b690b162…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 8f70397876872789b2a5deba804eb6216fb5deb7 , < abd1510c08a13c88d24b622a83c82e87ff1d3135 (git) Affected: 8f70397876872789b2a5deba804eb6216fb5deb7 , < ed541cff35cbdb695f0c98ef506dd7218883fc07 (git) Affected: 8f70397876872789b2a5deba804eb6216fb5deb7 , < 0fccbf0a3b690b162f53b13ed8bc442ea33437dc (git)
Linux	Linux	Affected: 5.11 Unaffected: 0 , < 5.11 (semver) Unaffected: 5.11.20 , ≤ 5.11.* (semver) Unaffected: 5.12.3 , ≤ 5.12.* (semver) Unaffected: 5.13 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-46970",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-05T22:31:16.861503Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:13:05.954Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:17:42.997Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/abd1510c08a13c88d24b622a83c82e87ff1d3135"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ed541cff35cbdb695f0c98ef506dd7218883fc07"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0fccbf0a3b690b162f53b13ed8bc442ea33437dc"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/bus/mhi/core/init.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "abd1510c08a13c88d24b622a83c82e87ff1d3135",
              "status": "affected",
              "version": "8f70397876872789b2a5deba804eb6216fb5deb7",
              "versionType": "git"
            },
            {
              "lessThan": "ed541cff35cbdb695f0c98ef506dd7218883fc07",
              "status": "affected",
              "version": "8f70397876872789b2a5deba804eb6216fb5deb7",
              "versionType": "git"
            },
            {
              "lessThan": "0fccbf0a3b690b162f53b13ed8bc442ea33437dc",
              "status": "affected",
              "version": "8f70397876872789b2a5deba804eb6216fb5deb7",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/bus/mhi/core/init.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.11"
            },
            {
              "lessThan": "5.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.11.*",
              "status": "unaffected",
              "version": "5.11.20",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.12.*",
              "status": "unaffected",
              "version": "5.12.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.11.20",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.12.3",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.13",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: mhi: pci_generic: Remove WQ_MEM_RECLAIM flag from state workqueue\n\nA recent change created a dedicated workqueue for the state-change work\nwith WQ_HIGHPRI (no strong reason for that) and WQ_MEM_RECLAIM flags,\nbut the state-change work (mhi_pm_st_worker) does not guarantee forward\nprogress under memory pressure, and will even wait on various memory\nallocations when e.g. creating devices, loading firmware, etc... The\nwork is then not part of a memory reclaim path...\n\nMoreover, this causes a warning in check_flush_dependency() since we end\nup in code that flushes a non-reclaim workqueue:\n\n[   40.969601] workqueue: WQ_MEM_RECLAIM mhi_hiprio_wq:mhi_pm_st_worker [mhi] is flushing !WQ_MEM_RECLAIM events_highpri:flush_backlog\n[   40.969612] WARNING: CPU: 4 PID: 158 at kernel/workqueue.c:2607 check_flush_dependency+0x11c/0x140\n[   40.969733] Call Trace:\n[   40.969740]  __flush_work+0x97/0x1d0\n[   40.969745]  ? wake_up_process+0x15/0x20\n[   40.969749]  ? insert_work+0x70/0x80\n[   40.969750]  ? __queue_work+0x14a/0x3e0\n[   40.969753]  flush_work+0x10/0x20\n[   40.969756]  rollback_registered_many+0x1c9/0x510\n[   40.969759]  unregister_netdevice_queue+0x94/0x120\n[   40.969761]  unregister_netdev+0x1d/0x30\n[   40.969765]  mhi_net_remove+0x1a/0x40 [mhi_net]\n[   40.969770]  mhi_driver_remove+0x124/0x250 [mhi]\n[   40.969776]  device_release_driver_internal+0xf0/0x1d0\n[   40.969778]  device_release_driver+0x12/0x20\n[   40.969782]  bus_remove_device+0xe1/0x150\n[   40.969786]  device_del+0x17b/0x3e0\n[   40.969791]  mhi_destroy_device+0x9a/0x100 [mhi]\n[   40.969796]  ? mhi_unmap_single_use_bb+0x50/0x50 [mhi]\n[   40.969799]  device_for_each_child+0x5e/0xa0\n[   40.969804]  mhi_pm_st_worker+0x921/0xf50 [mhi]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T13:45:27.179Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/abd1510c08a13c88d24b622a83c82e87ff1d3135"
        },
        {
          "url": "https://git.kernel.org/stable/c/ed541cff35cbdb695f0c98ef506dd7218883fc07"
        },
        {
          "url": "https://git.kernel.org/stable/c/0fccbf0a3b690b162f53b13ed8bc442ea33437dc"
        }
      ],
      "title": "bus: mhi: pci_generic: Remove WQ_MEM_RECLAIM flag from state workqueue",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-46970",
    "datePublished": "2024-02-27T18:47:06.071Z",
    "dateReserved": "2024-02-27T18:42:55.943Z",
    "dateUpdated": "2026-05-11T13:45:27.179Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2021-46970",
      "date": "2026-05-25",
      "epss": "0.00036",
      "percentile": "0.11031"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.11\", \"versionEndExcluding\": \"5.11.20\", \"matchCriteriaId\": \"EEC03413-9760-46D4-AC1D-EB084A1D4111\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.12\", \"versionEndExcluding\": \"5.12.3\", \"matchCriteriaId\": \"F9D6B2DE-7E4A-4B3B-9AEE-3A2C5F23DA32\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nbus: mhi: pci_generic: Remove WQ_MEM_RECLAIM flag from state workqueue\\n\\nA recent change created a dedicated workqueue for the state-change work\\nwith WQ_HIGHPRI (no strong reason for that) and WQ_MEM_RECLAIM flags,\\nbut the state-change work (mhi_pm_st_worker) does not guarantee forward\\nprogress under memory pressure, and will even wait on various memory\\nallocations when e.g. creating devices, loading firmware, etc... The\\nwork is then not part of a memory reclaim path...\\n\\nMoreover, this causes a warning in check_flush_dependency() since we end\\nup in code that flushes a non-reclaim workqueue:\\n\\n[   40.969601] workqueue: WQ_MEM_RECLAIM mhi_hiprio_wq:mhi_pm_st_worker [mhi] is flushing !WQ_MEM_RECLAIM events_highpri:flush_backlog\\n[   40.969612] WARNING: CPU: 4 PID: 158 at kernel/workqueue.c:2607 check_flush_dependency+0x11c/0x140\\n[   40.969733] Call Trace:\\n[   40.969740]  __flush_work+0x97/0x1d0\\n[   40.969745]  ? wake_up_process+0x15/0x20\\n[   40.969749]  ? insert_work+0x70/0x80\\n[   40.969750]  ? __queue_work+0x14a/0x3e0\\n[   40.969753]  flush_work+0x10/0x20\\n[   40.969756]  rollback_registered_many+0x1c9/0x510\\n[   40.969759]  unregister_netdevice_queue+0x94/0x120\\n[   40.969761]  unregister_netdev+0x1d/0x30\\n[   40.969765]  mhi_net_remove+0x1a/0x40 [mhi_net]\\n[   40.969770]  mhi_driver_remove+0x124/0x250 [mhi]\\n[   40.969776]  device_release_driver_internal+0xf0/0x1d0\\n[   40.969778]  device_release_driver+0x12/0x20\\n[   40.969782]  bus_remove_device+0xe1/0x150\\n[   40.969786]  device_del+0x17b/0x3e0\\n[   40.969791]  mhi_destroy_device+0x9a/0x100 [mhi]\\n[   40.969796]  ? mhi_unmap_single_use_bb+0x50/0x50 [mhi]\\n[   40.969799]  device_for_each_child+0x5e/0xa0\\n[   40.969804]  mhi_pm_st_worker+0x921/0xf50 [mhi]\"}, {\"lang\": \"es\", \"value\": \"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bus: mhi: pci_generic: Eliminar el indicador WQ_MEM_RECLAIM de la cola de trabajo de estado Un cambio reciente cre\\u00f3 una cola de trabajo dedicada para el trabajo de cambio de estado con los indicadores WQ_HIGHPRI (sin ninguna raz\\u00f3n importante para ello) y WQ_MEM_RECLAIM. pero el trabajo de cambio de estado (mhi_pm_st_worker) no garantiza el progreso hacia adelante bajo presi\\u00f3n de la memoria, e incluso esperar\\u00e1 varias asignaciones de memoria cuando, por ejemplo, se crean dispositivos, se carga firmware, etc... El trabajo entonces no forma parte de una ruta de recuperaci\\u00f3n de memoria. .. Adem\\u00e1s, esto provoca una advertencia en check_flush_dependency() ya que terminamos en un c\\u00f3digo que vac\\u00eda una cola de trabajo que no es de recuperaci\\u00f3n: [ 40.969601] cola de trabajo: WQ_MEM_RECLAIM mhi_hiprio_wq:mhi_pm_st_worker [mhi] est\\u00e1 descargando !WQ_MEM_RECLAIM events_highpri:flush_backlog [ 40.969612] ADVERTENCIA : CPU: 4 PID: 158 en kernel/workqueue.c:2607 check_flush_dependency+0x11c/0x140 [40.969733] Seguimiento de llamadas: [40.969740] __flush_work+0x97/0x1d0 [40.969745]? proceso_despertador+0x15/0x20 [40.969749]? insertar_trabajo+0x70/0x80 [40.969750]? __queue_work+0x14a/0x3e0 [ 40.969753] Flush_work+0x10/0x20 [ 40.969756] rollback_registered_many+0x1c9/0x510 [ 40.969759] unregister_netdevice_queue+0x94/0x120 [ 40.969761] anular el registro _netdev+0x1d/0x30 [ 40.969765] mhi_net_remove+0x1a/0x40 [mhi_net] [ 40.969770 ] mhi_driver_remove+0x124/0x250 [mhi] [ 40.969776] dispositivo_release_driver_internal+0xf0/0x1d0 [ 40.969778] dispositivo_release_driver+0x12/0x20 [ 40.969782] bus_remove_device+0xe1/0x150 [ 40.9 69786] dispositivo_del+0x17b/0x3e0 [ 40.969791] mhi_destroy_device+0x9a/0x100 [ mhi] [40.969796]? mhi_unmap_single_use_bb+0x50/0x50 [mhi] [ 40.969799] dispositivo_para_cada_ni\\u00f1o+0x5e/0xa0 [ 40.969804] mhi_pm_st_worker+0x921/0xf50 [mhi]\"}]",
      "id": "CVE-2021-46970",
      "lastModified": "2025-01-08T17:22:48.013",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}]}",
      "published": "2024-02-27T19:04:07.303",
      "references": "[{\"url\": \"https://git.kernel.org/stable/c/0fccbf0a3b690b162f53b13ed8bc442ea33437dc\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/abd1510c08a13c88d24b622a83c82e87ff1d3135\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/ed541cff35cbdb695f0c98ef506dd7218883fc07\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/0fccbf0a3b690b162f53b13ed8bc442ea33437dc\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/abd1510c08a13c88d24b622a83c82e87ff1d3135\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://git.kernel.org/stable/c/ed541cff35cbdb695f0c98ef506dd7218883fc07\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}]",
      "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "vulnStatus": "Analyzed",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-46970\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-02-27T19:04:07.303\",\"lastModified\":\"2025-01-08T17:22:48.013\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nbus: mhi: pci_generic: Remove WQ_MEM_RECLAIM flag from state workqueue\\n\\nA recent change created a dedicated workqueue for the state-change work\\nwith WQ_HIGHPRI (no strong reason for that) and WQ_MEM_RECLAIM flags,\\nbut the state-change work (mhi_pm_st_worker) does not guarantee forward\\nprogress under memory pressure, and will even wait on various memory\\nallocations when e.g. creating devices, loading firmware, etc... The\\nwork is then not part of a memory reclaim path...\\n\\nMoreover, this causes a warning in check_flush_dependency() since we end\\nup in code that flushes a non-reclaim workqueue:\\n\\n[   40.969601] workqueue: WQ_MEM_RECLAIM mhi_hiprio_wq:mhi_pm_st_worker [mhi] is flushing !WQ_MEM_RECLAIM events_highpri:flush_backlog\\n[   40.969612] WARNING: CPU: 4 PID: 158 at kernel/workqueue.c:2607 check_flush_dependency+0x11c/0x140\\n[   40.969733] Call Trace:\\n[   40.969740]  __flush_work+0x97/0x1d0\\n[   40.969745]  ? wake_up_process+0x15/0x20\\n[   40.969749]  ? insert_work+0x70/0x80\\n[   40.969750]  ? __queue_work+0x14a/0x3e0\\n[   40.969753]  flush_work+0x10/0x20\\n[   40.969756]  rollback_registered_many+0x1c9/0x510\\n[   40.969759]  unregister_netdevice_queue+0x94/0x120\\n[   40.969761]  unregister_netdev+0x1d/0x30\\n[   40.969765]  mhi_net_remove+0x1a/0x40 [mhi_net]\\n[   40.969770]  mhi_driver_remove+0x124/0x250 [mhi]\\n[   40.969776]  device_release_driver_internal+0xf0/0x1d0\\n[   40.969778]  device_release_driver+0x12/0x20\\n[   40.969782]  bus_remove_device+0xe1/0x150\\n[   40.969786]  device_del+0x17b/0x3e0\\n[   40.969791]  mhi_destroy_device+0x9a/0x100 [mhi]\\n[   40.969796]  ? mhi_unmap_single_use_bb+0x50/0x50 [mhi]\\n[   40.969799]  device_for_each_child+0x5e/0xa0\\n[   40.969804]  mhi_pm_st_worker+0x921/0xf50 [mhi]\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bus: mhi: pci_generic: Eliminar el indicador WQ_MEM_RECLAIM de la cola de trabajo de estado Un cambio reciente cre\u00f3 una cola de trabajo dedicada para el trabajo de cambio de estado con los indicadores WQ_HIGHPRI (sin ninguna raz\u00f3n importante para ello) y WQ_MEM_RECLAIM. pero el trabajo de cambio de estado (mhi_pm_st_worker) no garantiza el progreso hacia adelante bajo presi\u00f3n de la memoria, e incluso esperar\u00e1 varias asignaciones de memoria cuando, por ejemplo, se crean dispositivos, se carga firmware, etc... El trabajo entonces no forma parte de una ruta de recuperaci\u00f3n de memoria. .. Adem\u00e1s, esto provoca una advertencia en check_flush_dependency() ya que terminamos en un c\u00f3digo que vac\u00eda una cola de trabajo que no es de recuperaci\u00f3n: [ 40.969601] cola de trabajo: WQ_MEM_RECLAIM mhi_hiprio_wq:mhi_pm_st_worker [mhi] est\u00e1 descargando !WQ_MEM_RECLAIM events_highpri:flush_backlog [ 40.969612] ADVERTENCIA : CPU: 4 PID: 158 en kernel/workqueue.c:2607 check_flush_dependency+0x11c/0x140 [40.969733] Seguimiento de llamadas: [40.969740] __flush_work+0x97/0x1d0 [40.969745]? proceso_despertador+0x15/0x20 [40.969749]? insertar_trabajo+0x70/0x80 [40.969750]? __queue_work+0x14a/0x3e0 [ 40.969753] Flush_work+0x10/0x20 [ 40.969756] rollback_registered_many+0x1c9/0x510 [ 40.969759] unregister_netdevice_queue+0x94/0x120 [ 40.969761] anular el registro _netdev+0x1d/0x30 [ 40.969765] mhi_net_remove+0x1a/0x40 [mhi_net] [ 40.969770 ] mhi_driver_remove+0x124/0x250 [mhi] [ 40.969776] dispositivo_release_driver_internal+0xf0/0x1d0 [ 40.969778] dispositivo_release_driver+0x12/0x20 [ 40.969782] bus_remove_device+0xe1/0x150 [ 40.9 69786] dispositivo_del+0x17b/0x3e0 [ 40.969791] mhi_destroy_device+0x9a/0x100 [ mhi] [40.969796]? mhi_unmap_single_use_bb+0x50/0x50 [mhi] [ 40.969799] dispositivo_para_cada_ni\u00f1o+0x5e/0xa0 [ 40.969804] mhi_pm_st_worker+0x921/0xf50 [mhi]\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.11.20\",\"matchCriteriaId\":\"EEC03413-9760-46D4-AC1D-EB084A1D4111\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.12\",\"versionEndExcluding\":\"5.12.3\",\"matchCriteriaId\":\"F9D6B2DE-7E4A-4B3B-9AEE-3A2C5F23DA32\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/0fccbf0a3b690b162f53b13ed8bc442ea33437dc\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/abd1510c08a13c88d24b622a83c82e87ff1d3135\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/ed541cff35cbdb695f0c98ef506dd7218883fc07\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/0fccbf0a3b690b162f53b13ed8bc442ea33437dc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/abd1510c08a13c88d24b622a83c82e87ff1d3135\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/ed541cff35cbdb695f0c98ef506dd7218883fc07\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://git.kernel.org/stable/c/abd1510c08a13c88d24b622a83c82e87ff1d3135\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/ed541cff35cbdb695f0c98ef506dd7218883fc07\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/0fccbf0a3b690b162f53b13ed8bc442ea33437dc\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T05:17:42.997Z\"}}, {\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-46970\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-03-05T22:31:16.861503Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-23T19:01:10.239Z\"}, \"title\": \"CISA ADP Vulnrichment\"}], \"cna\": {\"title\": \"bus: mhi: pci_generic: Remove WQ_MEM_RECLAIM flag from state workqueue\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"8f70397876872789b2a5deba804eb6216fb5deb7\", \"lessThan\": \"abd1510c08a13c88d24b622a83c82e87ff1d3135\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"8f70397876872789b2a5deba804eb6216fb5deb7\", \"lessThan\": \"ed541cff35cbdb695f0c98ef506dd7218883fc07\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"8f70397876872789b2a5deba804eb6216fb5deb7\", \"lessThan\": \"0fccbf0a3b690b162f53b13ed8bc442ea33437dc\", \"versionType\": \"git\"}], \"programFiles\": [\"drivers/bus/mhi/core/init.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.11\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"5.11\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"5.11.20\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.11.*\"}, {\"status\": \"unaffected\", \"version\": \"5.12.3\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.12.*\"}, {\"status\": \"unaffected\", \"version\": \"5.13\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"drivers/bus/mhi/core/init.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/abd1510c08a13c88d24b622a83c82e87ff1d3135\"}, {\"url\": \"https://git.kernel.org/stable/c/ed541cff35cbdb695f0c98ef506dd7218883fc07\"}, {\"url\": \"https://git.kernel.org/stable/c/0fccbf0a3b690b162f53b13ed8bc442ea33437dc\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nbus: mhi: pci_generic: Remove WQ_MEM_RECLAIM flag from state workqueue\\n\\nA recent change created a dedicated workqueue for the state-change work\\nwith WQ_HIGHPRI (no strong reason for that) and WQ_MEM_RECLAIM flags,\\nbut the state-change work (mhi_pm_st_worker) does not guarantee forward\\nprogress under memory pressure, and will even wait on various memory\\nallocations when e.g. creating devices, loading firmware, etc... The\\nwork is then not part of a memory reclaim path...\\n\\nMoreover, this causes a warning in check_flush_dependency() since we end\\nup in code that flushes a non-reclaim workqueue:\\n\\n[   40.969601] workqueue: WQ_MEM_RECLAIM mhi_hiprio_wq:mhi_pm_st_worker [mhi] is flushing !WQ_MEM_RECLAIM events_highpri:flush_backlog\\n[   40.969612] WARNING: CPU: 4 PID: 158 at kernel/workqueue.c:2607 check_flush_dependency+0x11c/0x140\\n[   40.969733] Call Trace:\\n[   40.969740]  __flush_work+0x97/0x1d0\\n[   40.969745]  ? wake_up_process+0x15/0x20\\n[   40.969749]  ? insert_work+0x70/0x80\\n[   40.969750]  ? __queue_work+0x14a/0x3e0\\n[   40.969753]  flush_work+0x10/0x20\\n[   40.969756]  rollback_registered_many+0x1c9/0x510\\n[   40.969759]  unregister_netdevice_queue+0x94/0x120\\n[   40.969761]  unregister_netdev+0x1d/0x30\\n[   40.969765]  mhi_net_remove+0x1a/0x40 [mhi_net]\\n[   40.969770]  mhi_driver_remove+0x124/0x250 [mhi]\\n[   40.969776]  device_release_driver_internal+0xf0/0x1d0\\n[   40.969778]  device_release_driver+0x12/0x20\\n[   40.969782]  bus_remove_device+0xe1/0x150\\n[   40.969786]  device_del+0x17b/0x3e0\\n[   40.969791]  mhi_destroy_device+0x9a/0x100 [mhi]\\n[   40.969796]  ? mhi_unmap_single_use_bb+0x50/0x50 [mhi]\\n[   40.969799]  device_for_each_child+0x5e/0xa0\\n[   40.969804]  mhi_pm_st_worker+0x921/0xf50 [mhi]\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.11.20\", \"versionStartIncluding\": \"5.11\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.12.3\", \"versionStartIncluding\": \"5.11\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.13\", \"versionStartIncluding\": \"5.11\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2025-05-04T07:01:24.788Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2021-46970\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-04T07:01:24.788Z\", \"dateReserved\": \"2024-02-27T18:42:55.943Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-02-27T18:47:06.071Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

BDU:2025-02995

Vulnerability from fstec - Published: 10.03.2021

Title

Уязвимость функции mhi_register_controller() модуля drivers/bus/mhi/core/init.c - драйвера шины MHI ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании.

Description

Уязвимость функции mhi_register_controller() модуля drivers/bus/mhi/core/init.c - драйвера шины MHI ядра операционной системы Linux связана с неправильной проверкой вводимых данных. Эксплуатация уязвимости может позволить нарушителю вызвать отказ в обслуживании.

Severity


                    
                      AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Vendor

Сообщество свободного программного обеспечения

Software Name

Debian GNU/Linux, Linux

Software Version

11 (Debian GNU/Linux), 12 (Debian GNU/Linux), от 5.12 до 5.12.2 включительно (Linux), от 5.11 до 5.11.19 включительно (Linux)

Possible Mitigations

В условиях отсутствия обновлений безопасности от производителя рекомендуется придерживаться "Рекомендаций по безопасной настройке операционных систем LINUX", изложенных в методическом документе ФСТЭК России, утверждённом 25 декабря 2022 года. Использование рекомендаций: Для Linux: https://git.kernel.org/stable/c/0fccbf0a3b690b162f53b13ed8bc442ea33437dc https://git.kernel.org/stable/c/abd1510c08a13c88d24b622a83c82e87ff1d3135 https://git.kernel.org/stable/c/ed541cff35cbdb695f0c98ef506dd7218883fc07 https://lore.kernel.org/linux-cve-announce/2024022720-CVE-2021-46970-de08@gregkh/T/#u https://git.kernel.org/linus/0fccbf0a3b690b162f53b13ed8bc442ea33437dc https://lore.kernel.org/linux-cve-announce/2024022720-CVE-2021-46970-de08@gregkh/ https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.20 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.3 Для Debian GNU/Linux: https://security-tracker.debian.org/tracker/CVE-2021-46970

Reference

https://git.kernel.org/stable/c/0fccbf0a3b690b162f53b13ed8bc442ea33437dc https://git.kernel.org/stable/c/abd1510c08a13c88d24b622a83c82e87ff1d3135 https://git.kernel.org/stable/c/ed541cff35cbdb695f0c98ef506dd7218883fc07 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46970 https://lore.kernel.org/linux-cve-announce/2024022720-CVE-2021-46970-de08@gregkh/T/#u https://git.kernel.org/linus/0fccbf0a3b690b162f53b13ed8bc442ea33437dc https://www.cve.org/CVERecord?id=CVE-2021-46970 https://lore.kernel.org/linux-cve-announce/2024022720-CVE-2021-46970-de08@gregkh/ https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.20 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.3 https://security-tracker.debian.org/tracker/CVE-2021-46970

CWE

CWE-20

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
  "CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "11 (Debian GNU/Linux), 12 (Debian GNU/Linux), \u043e\u0442 5.12 \u0434\u043e 5.12.2 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 5.11 \u0434\u043e 5.11.19 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0412 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043e\u0442 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043f\u0440\u0438\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0442\u044c\u0441\u044f \"\u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c LINUX\", \u0438\u0437\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0445 \u0432 \u043c\u0435\u0442\u043e\u0434\u0438\u0447\u0435\u0441\u043a\u043e\u043c \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0435 \u0424\u0421\u0422\u042d\u041a \u0420\u043e\u0441\u0441\u0438\u0438, \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0451\u043d\u043d\u043e\u043c 25 \u0434\u0435\u043a\u0430\u0431\u0440\u044f 2022 \u0433\u043e\u0434\u0430.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Linux:\nhttps://git.kernel.org/stable/c/0fccbf0a3b690b162f53b13ed8bc442ea33437dc\nhttps://git.kernel.org/stable/c/abd1510c08a13c88d24b622a83c82e87ff1d3135\nhttps://git.kernel.org/stable/c/ed541cff35cbdb695f0c98ef506dd7218883fc07\nhttps://lore.kernel.org/linux-cve-announce/2024022720-CVE-2021-46970-de08@gregkh/T/#u\nhttps://git.kernel.org/linus/0fccbf0a3b690b162f53b13ed8bc442ea33437dc\nhttps://lore.kernel.org/linux-cve-announce/2024022720-CVE-2021-46970-de08@gregkh/\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.20\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.3\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2021-46970",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "10.03.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "21.03.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "21.03.2025",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-02995",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-46970",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Linux",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 5.12 \u0434\u043e 5.12.2 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 5.11 \u0434\u043e 5.11.19 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 mhi_register_controller() \u043c\u043e\u0434\u0443\u043b\u044f drivers/bus/mhi/core/init.c - \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0430 \u0448\u0438\u043d\u044b MHI \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438.",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 mhi_register_controller() \u043c\u043e\u0434\u0443\u043b\u044f drivers/bus/mhi/core/init.c - \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0430 \u0448\u0438\u043d\u044b MHI \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438.",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://git.kernel.org/stable/c/0fccbf0a3b690b162f53b13ed8bc442ea33437dc\nhttps://git.kernel.org/stable/c/abd1510c08a13c88d24b622a83c82e87ff1d3135\nhttps://git.kernel.org/stable/c/ed541cff35cbdb695f0c98ef506dd7218883fc07\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46970\nhttps://lore.kernel.org/linux-cve-announce/2024022720-CVE-2021-46970-de08@gregkh/T/#u\nhttps://git.kernel.org/linus/0fccbf0a3b690b162f53b13ed8bc442ea33437dc\nhttps://www.cve.org/CVERecord?id=CVE-2021-46970\nhttps://lore.kernel.org/linux-cve-announce/2024022720-CVE-2021-46970-de08@gregkh/\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.20\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.3\nhttps://security-tracker.debian.org/tracker/CVE-2021-46970",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,6)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,5)"
}

FKIE_CVE-2021-46970

Vulnerability from fkie_nvd - Published: 2024-02-27 19:04 - Updated: 2025-01-08 17:22

Severity

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/0fccbf0a3b690b162f53b13ed8bc442ea33437dc	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/abd1510c08a13c88d24b622a83c82e87ff1d3135	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/ed541cff35cbdb695f0c98ef506dd7218883fc07	Patch
af854a3a-2127-422b-91ae-364da2661108	https://git.kernel.org/stable/c/0fccbf0a3b690b162f53b13ed8bc442ea33437dc	Patch
af854a3a-2127-422b-91ae-364da2661108	https://git.kernel.org/stable/c/abd1510c08a13c88d24b622a83c82e87ff1d3135	Patch
af854a3a-2127-422b-91ae-364da2661108	https://git.kernel.org/stable/c/ed541cff35cbdb695f0c98ef506dd7218883fc07	Patch

Impacted products

	Vendor	Product	Version
	linux	linux_kernel	*
	linux	linux_kernel	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEC03413-9760-46D4-AC1D-EB084A1D4111",
              "versionEndExcluding": "5.11.20",
              "versionStartIncluding": "5.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9D6B2DE-7E4A-4B3B-9AEE-3A2C5F23DA32",
              "versionEndExcluding": "5.12.3",
              "versionStartIncluding": "5.12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: mhi: pci_generic: Remove WQ_MEM_RECLAIM flag from state workqueue\n\nA recent change created a dedicated workqueue for the state-change work\nwith WQ_HIGHPRI (no strong reason for that) and WQ_MEM_RECLAIM flags,\nbut the state-change work (mhi_pm_st_worker) does not guarantee forward\nprogress under memory pressure, and will even wait on various memory\nallocations when e.g. creating devices, loading firmware, etc... The\nwork is then not part of a memory reclaim path...\n\nMoreover, this causes a warning in check_flush_dependency() since we end\nup in code that flushes a non-reclaim workqueue:\n\n[   40.969601] workqueue: WQ_MEM_RECLAIM mhi_hiprio_wq:mhi_pm_st_worker [mhi] is flushing !WQ_MEM_RECLAIM events_highpri:flush_backlog\n[   40.969612] WARNING: CPU: 4 PID: 158 at kernel/workqueue.c:2607 check_flush_dependency+0x11c/0x140\n[   40.969733] Call Trace:\n[   40.969740]  __flush_work+0x97/0x1d0\n[   40.969745]  ? wake_up_process+0x15/0x20\n[   40.969749]  ? insert_work+0x70/0x80\n[   40.969750]  ? __queue_work+0x14a/0x3e0\n[   40.969753]  flush_work+0x10/0x20\n[   40.969756]  rollback_registered_many+0x1c9/0x510\n[   40.969759]  unregister_netdevice_queue+0x94/0x120\n[   40.969761]  unregister_netdev+0x1d/0x30\n[   40.969765]  mhi_net_remove+0x1a/0x40 [mhi_net]\n[   40.969770]  mhi_driver_remove+0x124/0x250 [mhi]\n[   40.969776]  device_release_driver_internal+0xf0/0x1d0\n[   40.969778]  device_release_driver+0x12/0x20\n[   40.969782]  bus_remove_device+0xe1/0x150\n[   40.969786]  device_del+0x17b/0x3e0\n[   40.969791]  mhi_destroy_device+0x9a/0x100 [mhi]\n[   40.969796]  ? mhi_unmap_single_use_bb+0x50/0x50 [mhi]\n[   40.969799]  device_for_each_child+0x5e/0xa0\n[   40.969804]  mhi_pm_st_worker+0x921/0xf50 [mhi]"
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bus: mhi: pci_generic: Eliminar el indicador WQ_MEM_RECLAIM de la cola de trabajo de estado Un cambio reciente cre\u00f3 una cola de trabajo dedicada para el trabajo de cambio de estado con los indicadores WQ_HIGHPRI (sin ninguna raz\u00f3n importante para ello) y WQ_MEM_RECLAIM. pero el trabajo de cambio de estado (mhi_pm_st_worker) no garantiza el progreso hacia adelante bajo presi\u00f3n de la memoria, e incluso esperar\u00e1 varias asignaciones de memoria cuando, por ejemplo, se crean dispositivos, se carga firmware, etc... El trabajo entonces no forma parte de una ruta de recuperaci\u00f3n de memoria. .. Adem\u00e1s, esto provoca una advertencia en check_flush_dependency() ya que terminamos en un c\u00f3digo que vac\u00eda una cola de trabajo que no es de recuperaci\u00f3n: [ 40.969601] cola de trabajo: WQ_MEM_RECLAIM mhi_hiprio_wq:mhi_pm_st_worker [mhi] est\u00e1 descargando !WQ_MEM_RECLAIM events_highpri:flush_backlog [ 40.969612] ADVERTENCIA : CPU: 4 PID: 158 en kernel/workqueue.c:2607 check_flush_dependency+0x11c/0x140 [40.969733] Seguimiento de llamadas: [40.969740] __flush_work+0x97/0x1d0 [40.969745]? proceso_despertador+0x15/0x20 [40.969749]? insertar_trabajo+0x70/0x80 [40.969750]? __queue_work+0x14a/0x3e0 [ 40.969753] Flush_work+0x10/0x20 [ 40.969756] rollback_registered_many+0x1c9/0x510 [ 40.969759] unregister_netdevice_queue+0x94/0x120 [ 40.969761] anular el registro _netdev+0x1d/0x30 [ 40.969765] mhi_net_remove+0x1a/0x40 [mhi_net] [ 40.969770 ] mhi_driver_remove+0x124/0x250 [mhi] [ 40.969776] dispositivo_release_driver_internal+0xf0/0x1d0 [ 40.969778] dispositivo_release_driver+0x12/0x20 [ 40.969782] bus_remove_device+0xe1/0x150 [ 40.9 69786] dispositivo_del+0x17b/0x3e0 [ 40.969791] mhi_destroy_device+0x9a/0x100 [ mhi] [40.969796]? mhi_unmap_single_use_bb+0x50/0x50 [mhi] [ 40.969799] dispositivo_para_cada_ni\u00f1o+0x5e/0xa0 [ 40.969804] mhi_pm_st_worker+0x921/0xf50 [mhi]"
    }
  ],
  "id": "CVE-2021-46970",
  "lastModified": "2025-01-08T17:22:48.013",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-02-27T19:04:07.303",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/0fccbf0a3b690b162f53b13ed8bc442ea33437dc"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/abd1510c08a13c88d24b622a83c82e87ff1d3135"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/ed541cff35cbdb695f0c98ef506dd7218883fc07"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/0fccbf0a3b690b162f53b13ed8bc442ea33437dc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/abd1510c08a13c88d24b622a83c82e87ff1d3135"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/ed541cff35cbdb695f0c98ef506dd7218883fc07"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-JFX3-F7MG-7CP3

Vulnerability from github – Published: 2024-02-27 21:31 – Updated: 2025-01-08 18:30

Details

In the Linux kernel, the following vulnerability has been resolved:

bus: mhi: pci_generic: Remove WQ_MEM_RECLAIM flag from state workqueue

A recent change created a dedicated workqueue for the state-change work with WQ_HIGHPRI (no strong reason for that) and WQ_MEM_RECLAIM flags, but the state-change work (mhi_pm_st_worker) does not guarantee forward progress under memory pressure, and will even wait on various memory allocations when e.g. creating devices, loading firmware, etc... The work is then not part of a memory reclaim path...

Moreover, this causes a warning in check_flush_dependency() since we end up in code that flushes a non-reclaim workqueue:

[ 40.969601] workqueue: WQ_MEM_RECLAIM mhi_hiprio_wq:mhi_pm_st_worker [mhi] is flushing !WQ_MEM_RECLAIM events_highpri:flush_backlog [ 40.969612] WARNING: CPU: 4 PID: 158 at kernel/workqueue.c:2607 check_flush_dependency+0x11c/0x140 [ 40.969733] Call Trace: [ 40.969740] __flush_work+0x97/0x1d0 [ 40.969745] ? wake_up_process+0x15/0x20 [ 40.969749] ? insert_work+0x70/0x80 [ 40.969750] ? __queue_work+0x14a/0x3e0 [ 40.969753] flush_work+0x10/0x20 [ 40.969756] rollback_registered_many+0x1c9/0x510 [ 40.969759] unregister_netdevice_queue+0x94/0x120 [ 40.969761] unregister_netdev+0x1d/0x30 [ 40.969765] mhi_net_remove+0x1a/0x40 [mhi_net] [ 40.969770] mhi_driver_remove+0x124/0x250 [mhi] [ 40.969776] device_release_driver_internal+0xf0/0x1d0 [ 40.969778] device_release_driver+0x12/0x20 [ 40.969782] bus_remove_device+0xe1/0x150 [ 40.969786] device_del+0x17b/0x3e0 [ 40.969791] mhi_destroy_device+0x9a/0x100 [mhi] [ 40.969796] ? mhi_unmap_single_use_bb+0x50/0x50 [mhi] [ 40.969799] device_for_each_child+0x5e/0xa0 [ 40.969804] mhi_pm_st_worker+0x921/0xf50 [mhi]

Severity

5.5 (Medium)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-46970"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-27T19:04:07Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: mhi: pci_generic: Remove WQ_MEM_RECLAIM flag from state workqueue\n\nA recent change created a dedicated workqueue for the state-change work\nwith WQ_HIGHPRI (no strong reason for that) and WQ_MEM_RECLAIM flags,\nbut the state-change work (mhi_pm_st_worker) does not guarantee forward\nprogress under memory pressure, and will even wait on various memory\nallocations when e.g. creating devices, loading firmware, etc... The\nwork is then not part of a memory reclaim path...\n\nMoreover, this causes a warning in check_flush_dependency() since we end\nup in code that flushes a non-reclaim workqueue:\n\n[   40.969601] workqueue: WQ_MEM_RECLAIM mhi_hiprio_wq:mhi_pm_st_worker [mhi] is flushing !WQ_MEM_RECLAIM events_highpri:flush_backlog\n[   40.969612] WARNING: CPU: 4 PID: 158 at kernel/workqueue.c:2607 check_flush_dependency+0x11c/0x140\n[   40.969733] Call Trace:\n[   40.969740]  __flush_work+0x97/0x1d0\n[   40.969745]  ? wake_up_process+0x15/0x20\n[   40.969749]  ? insert_work+0x70/0x80\n[   40.969750]  ? __queue_work+0x14a/0x3e0\n[   40.969753]  flush_work+0x10/0x20\n[   40.969756]  rollback_registered_many+0x1c9/0x510\n[   40.969759]  unregister_netdevice_queue+0x94/0x120\n[   40.969761]  unregister_netdev+0x1d/0x30\n[   40.969765]  mhi_net_remove+0x1a/0x40 [mhi_net]\n[   40.969770]  mhi_driver_remove+0x124/0x250 [mhi]\n[   40.969776]  device_release_driver_internal+0xf0/0x1d0\n[   40.969778]  device_release_driver+0x12/0x20\n[   40.969782]  bus_remove_device+0xe1/0x150\n[   40.969786]  device_del+0x17b/0x3e0\n[   40.969791]  mhi_destroy_device+0x9a/0x100 [mhi]\n[   40.969796]  ? mhi_unmap_single_use_bb+0x50/0x50 [mhi]\n[   40.969799]  device_for_each_child+0x5e/0xa0\n[   40.969804]  mhi_pm_st_worker+0x921/0xf50 [mhi]",
  "id": "GHSA-jfx3-f7mg-7cp3",
  "modified": "2025-01-08T18:30:40Z",
  "published": "2024-02-27T21:31:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46970"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0fccbf0a3b690b162f53b13ed8bc442ea33437dc"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/abd1510c08a13c88d24b622a83c82e87ff1d3135"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ed541cff35cbdb695f0c98ef506dd7218883fc07"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2021-46970

Vulnerability from gsd - Updated: 2024-02-28 06:03

Details

Aliases

CVE-2021-46970

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-46970"
      ],
      "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: mhi: pci_generic: Remove WQ_MEM_RECLAIM flag from state workqueue\n\nA recent change created a dedicated workqueue for the state-change work\nwith WQ_HIGHPRI (no strong reason for that) and WQ_MEM_RECLAIM flags,\nbut the state-change work (mhi_pm_st_worker) does not guarantee forward\nprogress under memory pressure, and will even wait on various memory\nallocations when e.g. creating devices, loading firmware, etc... The\nwork is then not part of a memory reclaim path...\n\nMoreover, this causes a warning in check_flush_dependency() since we end\nup in code that flushes a non-reclaim workqueue:\n\n[   40.969601] workqueue: WQ_MEM_RECLAIM mhi_hiprio_wq:mhi_pm_st_worker [mhi] is flushing !WQ_MEM_RECLAIM events_highpri:flush_backlog\n[   40.969612] WARNING: CPU: 4 PID: 158 at kernel/workqueue.c:2607 check_flush_dependency+0x11c/0x140\n[   40.969733] Call Trace:\n[   40.969740]  __flush_work+0x97/0x1d0\n[   40.969745]  ? wake_up_process+0x15/0x20\n[   40.969749]  ? insert_work+0x70/0x80\n[   40.969750]  ? __queue_work+0x14a/0x3e0\n[   40.969753]  flush_work+0x10/0x20\n[   40.969756]  rollback_registered_many+0x1c9/0x510\n[   40.969759]  unregister_netdevice_queue+0x94/0x120\n[   40.969761]  unregister_netdev+0x1d/0x30\n[   40.969765]  mhi_net_remove+0x1a/0x40 [mhi_net]\n[   40.969770]  mhi_driver_remove+0x124/0x250 [mhi]\n[   40.969776]  device_release_driver_internal+0xf0/0x1d0\n[   40.969778]  device_release_driver+0x12/0x20\n[   40.969782]  bus_remove_device+0xe1/0x150\n[   40.969786]  device_del+0x17b/0x3e0\n[   40.969791]  mhi_destroy_device+0x9a/0x100 [mhi]\n[   40.969796]  ? mhi_unmap_single_use_bb+0x50/0x50 [mhi]\n[   40.969799]  device_for_each_child+0x5e/0xa0\n[   40.969804]  mhi_pm_st_worker+0x921/0xf50 [mhi]",
      "id": "GSD-2021-46970",
      "modified": "2024-02-28T06:03:57.627158Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@kernel.org",
        "ID": "CVE-2021-46970",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Linux",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "8f7039787687",
                          "version_value": "abd1510c08a1"
                        },
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "status": "affected",
                                "version": "5.11"
                              },
                              {
                                "lessThan": "5.11",
                                "status": "unaffected",
                                "version": "0",
                                "versionType": "custom"
                              },
                              {
                                "lessThanOrEqual": "5.11.*",
                                "status": "unaffected",
                                "version": "5.11.20",
                                "versionType": "custom"
                              },
                              {
                                "lessThanOrEqual": "5.12.*",
                                "status": "unaffected",
                                "version": "5.12.3",
                                "versionType": "custom"
                              },
                              {
                                "lessThanOrEqual": "*",
                                "status": "unaffected",
                                "version": "5.13",
                                "versionType": "original_commit_for_fix"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Linux"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: mhi: pci_generic: Remove WQ_MEM_RECLAIM flag from state workqueue\n\nA recent change created a dedicated workqueue for the state-change work\nwith WQ_HIGHPRI (no strong reason for that) and WQ_MEM_RECLAIM flags,\nbut the state-change work (mhi_pm_st_worker) does not guarantee forward\nprogress under memory pressure, and will even wait on various memory\nallocations when e.g. creating devices, loading firmware, etc... The\nwork is then not part of a memory reclaim path...\n\nMoreover, this causes a warning in check_flush_dependency() since we end\nup in code that flushes a non-reclaim workqueue:\n\n[   40.969601] workqueue: WQ_MEM_RECLAIM mhi_hiprio_wq:mhi_pm_st_worker [mhi] is flushing !WQ_MEM_RECLAIM events_highpri:flush_backlog\n[   40.969612] WARNING: CPU: 4 PID: 158 at kernel/workqueue.c:2607 check_flush_dependency+0x11c/0x140\n[   40.969733] Call Trace:\n[   40.969740]  __flush_work+0x97/0x1d0\n[   40.969745]  ? wake_up_process+0x15/0x20\n[   40.969749]  ? insert_work+0x70/0x80\n[   40.969750]  ? __queue_work+0x14a/0x3e0\n[   40.969753]  flush_work+0x10/0x20\n[   40.969756]  rollback_registered_many+0x1c9/0x510\n[   40.969759]  unregister_netdevice_queue+0x94/0x120\n[   40.969761]  unregister_netdev+0x1d/0x30\n[   40.969765]  mhi_net_remove+0x1a/0x40 [mhi_net]\n[   40.969770]  mhi_driver_remove+0x124/0x250 [mhi]\n[   40.969776]  device_release_driver_internal+0xf0/0x1d0\n[   40.969778]  device_release_driver+0x12/0x20\n[   40.969782]  bus_remove_device+0xe1/0x150\n[   40.969786]  device_del+0x17b/0x3e0\n[   40.969791]  mhi_destroy_device+0x9a/0x100 [mhi]\n[   40.969796]  ? mhi_unmap_single_use_bb+0x50/0x50 [mhi]\n[   40.969799]  device_for_each_child+0x5e/0xa0\n[   40.969804]  mhi_pm_st_worker+0x921/0xf50 [mhi]"
          }
        ]
      },
      "generator": {
        "engine": "bippy-b01c2a820106"
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://git.kernel.org/stable/c/abd1510c08a13c88d24b622a83c82e87ff1d3135",
            "refsource": "MISC",
            "url": "https://git.kernel.org/stable/c/abd1510c08a13c88d24b622a83c82e87ff1d3135"
          },
          {
            "name": "https://git.kernel.org/stable/c/ed541cff35cbdb695f0c98ef506dd7218883fc07",
            "refsource": "MISC",
            "url": "https://git.kernel.org/stable/c/ed541cff35cbdb695f0c98ef506dd7218883fc07"
          },
          {
            "name": "https://git.kernel.org/stable/c/0fccbf0a3b690b162f53b13ed8bc442ea33437dc",
            "refsource": "MISC",
            "url": "https://git.kernel.org/stable/c/0fccbf0a3b690b162f53b13ed8bc442ea33437dc"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "descriptions": [
          {
            "lang": "en",
            "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: mhi: pci_generic: Remove WQ_MEM_RECLAIM flag from state workqueue\n\nA recent change created a dedicated workqueue for the state-change work\nwith WQ_HIGHPRI (no strong reason for that) and WQ_MEM_RECLAIM flags,\nbut the state-change work (mhi_pm_st_worker) does not guarantee forward\nprogress under memory pressure, and will even wait on various memory\nallocations when e.g. creating devices, loading firmware, etc... The\nwork is then not part of a memory reclaim path...\n\nMoreover, this causes a warning in check_flush_dependency() since we end\nup in code that flushes a non-reclaim workqueue:\n\n[   40.969601] workqueue: WQ_MEM_RECLAIM mhi_hiprio_wq:mhi_pm_st_worker [mhi] is flushing !WQ_MEM_RECLAIM events_highpri:flush_backlog\n[   40.969612] WARNING: CPU: 4 PID: 158 at kernel/workqueue.c:2607 check_flush_dependency+0x11c/0x140\n[   40.969733] Call Trace:\n[   40.969740]  __flush_work+0x97/0x1d0\n[   40.969745]  ? wake_up_process+0x15/0x20\n[   40.969749]  ? insert_work+0x70/0x80\n[   40.969750]  ? __queue_work+0x14a/0x3e0\n[   40.969753]  flush_work+0x10/0x20\n[   40.969756]  rollback_registered_many+0x1c9/0x510\n[   40.969759]  unregister_netdevice_queue+0x94/0x120\n[   40.969761]  unregister_netdev+0x1d/0x30\n[   40.969765]  mhi_net_remove+0x1a/0x40 [mhi_net]\n[   40.969770]  mhi_driver_remove+0x124/0x250 [mhi]\n[   40.969776]  device_release_driver_internal+0xf0/0x1d0\n[   40.969778]  device_release_driver+0x12/0x20\n[   40.969782]  bus_remove_device+0xe1/0x150\n[   40.969786]  device_del+0x17b/0x3e0\n[   40.969791]  mhi_destroy_device+0x9a/0x100 [mhi]\n[   40.969796]  ? mhi_unmap_single_use_bb+0x50/0x50 [mhi]\n[   40.969799]  device_for_each_child+0x5e/0xa0\n[   40.969804]  mhi_pm_st_worker+0x921/0xf50 [mhi]"
          },
          {
            "lang": "es",
            "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bus: mhi: pci_generic: Eliminar el indicador WQ_MEM_RECLAIM de la cola de trabajo de estado Un cambio reciente cre\u00f3 una cola de trabajo dedicada para el trabajo de cambio de estado con los indicadores WQ_HIGHPRI (sin ninguna raz\u00f3n importante para ello) y WQ_MEM_RECLAIM. pero el trabajo de cambio de estado (mhi_pm_st_worker) no garantiza el progreso hacia adelante bajo presi\u00f3n de la memoria, e incluso esperar\u00e1 varias asignaciones de memoria cuando, por ejemplo, se crean dispositivos, se carga firmware, etc... El trabajo entonces no forma parte de una ruta de recuperaci\u00f3n de memoria. .. Adem\u00e1s, esto provoca una advertencia en check_flush_dependency() ya que terminamos en un c\u00f3digo que vac\u00eda una cola de trabajo que no es de recuperaci\u00f3n: [ 40.969601] cola de trabajo: WQ_MEM_RECLAIM mhi_hiprio_wq:mhi_pm_st_worker [mhi] est\u00e1 descargando !WQ_MEM_RECLAIM events_highpri:flush_backlog [ 40.969612] ADVERTENCIA : CPU: 4 PID: 158 en kernel/workqueue.c:2607 check_flush_dependency+0x11c/0x140 [40.969733] Seguimiento de llamadas: [40.969740] __flush_work+0x97/0x1d0 [40.969745]? proceso_despertador+0x15/0x20 [40.969749]? insertar_trabajo+0x70/0x80 [40.969750]? __queue_work+0x14a/0x3e0 [ 40.969753] Flush_work+0x10/0x20 [ 40.969756] rollback_registered_many+0x1c9/0x510 [ 40.969759] unregister_netdevice_queue+0x94/0x120 [ 40.969761] anular el registro _netdev+0x1d/0x30 [ 40.969765] mhi_net_remove+0x1a/0x40 [mhi_net] [ 40.969770 ] mhi_driver_remove+0x124/0x250 [mhi] [ 40.969776] dispositivo_release_driver_internal+0xf0/0x1d0 [ 40.969778] dispositivo_release_driver+0x12/0x20 [ 40.969782] bus_remove_device+0xe1/0x150 [ 40.9 69786] dispositivo_del+0x17b/0x3e0 [ 40.969791] mhi_destroy_device+0x9a/0x100 [ mhi] [40.969796]? mhi_unmap_single_use_bb+0x50/0x50 [mhi] [ 40.969799] dispositivo_para_cada_ni\u00f1o+0x5e/0xa0 [ 40.969804] mhi_pm_st_worker+0x921/0xf50 [mhi]"
          }
        ],
        "id": "CVE-2021-46970",
        "lastModified": "2024-02-28T14:06:45.783",
        "metrics": {},
        "published": "2024-02-27T19:04:07.303",
        "references": [
          {
            "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "url": "https://git.kernel.org/stable/c/0fccbf0a3b690b162f53b13ed8bc442ea33437dc"
          },
          {
            "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "url": "https://git.kernel.org/stable/c/abd1510c08a13c88d24b622a83c82e87ff1d3135"
          },
          {
            "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            "url": "https://git.kernel.org/stable/c/ed541cff35cbdb695f0c98ef506dd7218883fc07"
          }
        ],
        "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "vulnStatus": "Awaiting Analysis"
      }
    }
  }
}

WID-SEC-W-2024-0500

Vulnerability from csaf_certbund - Published: 2024-02-27 23:00 - Updated: 2025-03-04 23:00

Summary

Linux Kernel: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Der Kernel stellt den Kern des Linux Betriebssystems dar.

Angriff: Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.

Betroffene Betriebssysteme: - Linux

CVE-2021-46942

Affected products

Known affected 11 products

Product	Identifier	Version
Open Source Linux Kernel <5.13 Open Source / Linux Kernel		<5.13
EMC Avamar EMC	`cpe:/a:emc:avamar:-`	—
IBM Business Automation Workflow 24.0.0 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:24.0.0`	24.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Dell NetWorker Dell / NetWorker	`cpe:/a:dell:networker:-`	—
Dell NetWorker virtual Dell / NetWorker	`cpe:/a:dell:networker:virtual`	virtual
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Dell NetWorker <19.11 Dell / NetWorker		<19.11

CVE-2021-46943

Affected products

Known affected 11 products

Product	Identifier	Version
Open Source Linux Kernel <5.13 Open Source / Linux Kernel		<5.13
EMC Avamar EMC	`cpe:/a:emc:avamar:-`	—
IBM Business Automation Workflow 24.0.0 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:24.0.0`	24.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Dell NetWorker Dell / NetWorker	`cpe:/a:dell:networker:-`	—
Dell NetWorker virtual Dell / NetWorker	`cpe:/a:dell:networker:virtual`	virtual
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Dell NetWorker <19.11 Dell / NetWorker		<19.11

CVE-2021-46944

Affected products

Known affected 11 products

Product	Identifier	Version
Open Source Linux Kernel <5.13 Open Source / Linux Kernel		<5.13
EMC Avamar EMC	`cpe:/a:emc:avamar:-`	—
IBM Business Automation Workflow 24.0.0 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:24.0.0`	24.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Dell NetWorker Dell / NetWorker	`cpe:/a:dell:networker:-`	—
Dell NetWorker virtual Dell / NetWorker	`cpe:/a:dell:networker:virtual`	virtual
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Dell NetWorker <19.11 Dell / NetWorker		<19.11

CVE-2021-46945

Affected products

Known affected 11 products

Product	Identifier	Version
Open Source Linux Kernel <5.13 Open Source / Linux Kernel		<5.13
EMC Avamar EMC	`cpe:/a:emc:avamar:-`	—
IBM Business Automation Workflow 24.0.0 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:24.0.0`	24.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Dell NetWorker Dell / NetWorker	`cpe:/a:dell:networker:-`	—
Dell NetWorker virtual Dell / NetWorker	`cpe:/a:dell:networker:virtual`	virtual
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Dell NetWorker <19.11 Dell / NetWorker		<19.11

CVE-2021-46954

Affected products

Known affected 11 products

Product	Identifier	Version
Open Source Linux Kernel <5.13 Open Source / Linux Kernel		<5.13
EMC Avamar EMC	`cpe:/a:emc:avamar:-`	—
IBM Business Automation Workflow 24.0.0 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:24.0.0`	24.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Dell NetWorker Dell / NetWorker	`cpe:/a:dell:networker:-`	—
Dell NetWorker virtual Dell / NetWorker	`cpe:/a:dell:networker:virtual`	virtual
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Dell NetWorker <19.11 Dell / NetWorker		<19.11

CVE-2021-46955

Affected products

Known affected 11 products

Product	Identifier	Version
Open Source Linux Kernel <5.13 Open Source / Linux Kernel		<5.13
EMC Avamar EMC	`cpe:/a:emc:avamar:-`	—
IBM Business Automation Workflow 24.0.0 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:24.0.0`	24.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Dell NetWorker Dell / NetWorker	`cpe:/a:dell:networker:-`	—
Dell NetWorker virtual Dell / NetWorker	`cpe:/a:dell:networker:virtual`	virtual
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Dell NetWorker <19.11 Dell / NetWorker		<19.11

CVE-2021-46956

Affected products

Known affected 11 products

Product	Identifier	Version
Open Source Linux Kernel <5.13 Open Source / Linux Kernel		<5.13
EMC Avamar EMC	`cpe:/a:emc:avamar:-`	—
IBM Business Automation Workflow 24.0.0 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:24.0.0`	24.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Dell NetWorker Dell / NetWorker	`cpe:/a:dell:networker:-`	—
Dell NetWorker virtual Dell / NetWorker	`cpe:/a:dell:networker:virtual`	virtual
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Dell NetWorker <19.11 Dell / NetWorker		<19.11

CVE-2021-46957

Affected products

Known affected 11 products

Product	Identifier	Version
Open Source Linux Kernel <5.13 Open Source / Linux Kernel		<5.13
EMC Avamar EMC	`cpe:/a:emc:avamar:-`	—
IBM Business Automation Workflow 24.0.0 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:24.0.0`	24.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Dell NetWorker Dell / NetWorker	`cpe:/a:dell:networker:-`	—
Dell NetWorker virtual Dell / NetWorker	`cpe:/a:dell:networker:virtual`	virtual
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Dell NetWorker <19.11 Dell / NetWorker		<19.11

CVE-2021-46958

Affected products

Known affected 11 products

Product	Identifier	Version
Open Source Linux Kernel <5.13 Open Source / Linux Kernel		<5.13
EMC Avamar EMC	`cpe:/a:emc:avamar:-`	—
IBM Business Automation Workflow 24.0.0 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:24.0.0`	24.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Dell NetWorker Dell / NetWorker	`cpe:/a:dell:networker:-`	—
Dell NetWorker virtual Dell / NetWorker	`cpe:/a:dell:networker:virtual`	virtual
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Dell NetWorker <19.11 Dell / NetWorker		<19.11

CVE-2021-46960

Affected products

Known affected 11 products

Product	Identifier	Version
Open Source Linux Kernel <5.13 Open Source / Linux Kernel		<5.13
EMC Avamar EMC	`cpe:/a:emc:avamar:-`	—
IBM Business Automation Workflow 24.0.0 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:24.0.0`	24.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Dell NetWorker Dell / NetWorker	`cpe:/a:dell:networker:-`	—
Dell NetWorker virtual Dell / NetWorker	`cpe:/a:dell:networker:virtual`	virtual
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Dell NetWorker <19.11 Dell / NetWorker		<19.11

CVE-2021-46961

Affected products

Known affected 11 products

Product	Identifier	Version
Open Source Linux Kernel <5.13 Open Source / Linux Kernel		<5.13
EMC Avamar EMC	`cpe:/a:emc:avamar:-`	—
IBM Business Automation Workflow 24.0.0 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:24.0.0`	24.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Dell NetWorker Dell / NetWorker	`cpe:/a:dell:networker:-`	—
Dell NetWorker virtual Dell / NetWorker	`cpe:/a:dell:networker:virtual`	virtual
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Dell NetWorker <19.11 Dell / NetWorker		<19.11

CVE-2021-46962

Affected products

Known affected 11 products

Product	Identifier	Version
Open Source Linux Kernel <5.13 Open Source / Linux Kernel		<5.13
EMC Avamar EMC	`cpe:/a:emc:avamar:-`	—
IBM Business Automation Workflow 24.0.0 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:24.0.0`	24.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Dell NetWorker Dell / NetWorker	`cpe:/a:dell:networker:-`	—
Dell NetWorker virtual Dell / NetWorker	`cpe:/a:dell:networker:virtual`	virtual
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Dell NetWorker <19.11 Dell / NetWorker		<19.11

CVE-2021-46963

Affected products

Known affected 11 products

Product	Identifier	Version
Open Source Linux Kernel <5.13 Open Source / Linux Kernel		<5.13
EMC Avamar EMC	`cpe:/a:emc:avamar:-`	—
IBM Business Automation Workflow 24.0.0 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:24.0.0`	24.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Dell NetWorker Dell / NetWorker	`cpe:/a:dell:networker:-`	—
Dell NetWorker virtual Dell / NetWorker	`cpe:/a:dell:networker:virtual`	virtual
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Dell NetWorker <19.11 Dell / NetWorker		<19.11

CVE-2021-46964

Affected products

Known affected 11 products

Product	Identifier	Version
Open Source Linux Kernel <5.13 Open Source / Linux Kernel		<5.13
EMC Avamar EMC	`cpe:/a:emc:avamar:-`	—
IBM Business Automation Workflow 24.0.0 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:24.0.0`	24.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Dell NetWorker Dell / NetWorker	`cpe:/a:dell:networker:-`	—
Dell NetWorker virtual Dell / NetWorker	`cpe:/a:dell:networker:virtual`	virtual
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Dell NetWorker <19.11 Dell / NetWorker		<19.11

CVE-2021-46965

Affected products

Known affected 11 products

Product	Identifier	Version
Open Source Linux Kernel <5.13 Open Source / Linux Kernel		<5.13
EMC Avamar EMC	`cpe:/a:emc:avamar:-`	—
IBM Business Automation Workflow 24.0.0 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:24.0.0`	24.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Dell NetWorker Dell / NetWorker	`cpe:/a:dell:networker:-`	—
Dell NetWorker virtual Dell / NetWorker	`cpe:/a:dell:networker:virtual`	virtual
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Dell NetWorker <19.11 Dell / NetWorker		<19.11

CVE-2021-46966

Affected products

Known affected 11 products

Product	Identifier	Version
Open Source Linux Kernel <5.13 Open Source / Linux Kernel		<5.13
EMC Avamar EMC	`cpe:/a:emc:avamar:-`	—
IBM Business Automation Workflow 24.0.0 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:24.0.0`	24.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Dell NetWorker Dell / NetWorker	`cpe:/a:dell:networker:-`	—
Dell NetWorker virtual Dell / NetWorker	`cpe:/a:dell:networker:virtual`	virtual
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Dell NetWorker <19.11 Dell / NetWorker		<19.11

CVE-2021-46967

Affected products

Known affected 11 products

Product	Identifier	Version
Open Source Linux Kernel <5.13 Open Source / Linux Kernel		<5.13
EMC Avamar EMC	`cpe:/a:emc:avamar:-`	—
IBM Business Automation Workflow 24.0.0 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:24.0.0`	24.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Dell NetWorker Dell / NetWorker	`cpe:/a:dell:networker:-`	—
Dell NetWorker virtual Dell / NetWorker	`cpe:/a:dell:networker:virtual`	virtual
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Dell NetWorker <19.11 Dell / NetWorker		<19.11

CVE-2021-46968

Affected products

Known affected 11 products

Product	Identifier	Version
Open Source Linux Kernel <5.13 Open Source / Linux Kernel		<5.13
EMC Avamar EMC	`cpe:/a:emc:avamar:-`	—
IBM Business Automation Workflow 24.0.0 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:24.0.0`	24.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Dell NetWorker Dell / NetWorker	`cpe:/a:dell:networker:-`	—
Dell NetWorker virtual Dell / NetWorker	`cpe:/a:dell:networker:virtual`	virtual
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Dell NetWorker <19.11 Dell / NetWorker		<19.11

CVE-2021-46969

Affected products

Known affected 11 products

Product	Identifier	Version
Open Source Linux Kernel <5.13 Open Source / Linux Kernel		<5.13
EMC Avamar EMC	`cpe:/a:emc:avamar:-`	—
IBM Business Automation Workflow 24.0.0 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:24.0.0`	24.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Dell NetWorker Dell / NetWorker	`cpe:/a:dell:networker:-`	—
Dell NetWorker virtual Dell / NetWorker	`cpe:/a:dell:networker:virtual`	virtual
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Dell NetWorker <19.11 Dell / NetWorker		<19.11

CVE-2021-46970

Affected products

Known affected 11 products

Product	Identifier	Version
Open Source Linux Kernel <5.13 Open Source / Linux Kernel		<5.13
EMC Avamar EMC	`cpe:/a:emc:avamar:-`	—
IBM Business Automation Workflow 24.0.0 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:24.0.0`	24.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Dell NetWorker Dell / NetWorker	`cpe:/a:dell:networker:-`	—
Dell NetWorker virtual Dell / NetWorker	`cpe:/a:dell:networker:virtual`	virtual
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Dell NetWorker <19.11 Dell / NetWorker		<19.11

CVE-2021-46971

Affected products

Known affected 11 products

Product	Identifier	Version
Open Source Linux Kernel <5.13 Open Source / Linux Kernel		<5.13
EMC Avamar EMC	`cpe:/a:emc:avamar:-`	—
IBM Business Automation Workflow 24.0.0 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:24.0.0`	24.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Dell NetWorker Dell / NetWorker	`cpe:/a:dell:networker:-`	—
Dell NetWorker virtual Dell / NetWorker	`cpe:/a:dell:networker:virtual`	virtual
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Dell NetWorker <19.11 Dell / NetWorker		<19.11

CVE-2021-46972

Affected products

Known affected 11 products

Product	Identifier	Version
Open Source Linux Kernel <5.13 Open Source / Linux Kernel		<5.13
EMC Avamar EMC	`cpe:/a:emc:avamar:-`	—
IBM Business Automation Workflow 24.0.0 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:24.0.0`	24.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Dell NetWorker Dell / NetWorker	`cpe:/a:dell:networker:-`	—
Dell NetWorker virtual Dell / NetWorker	`cpe:/a:dell:networker:virtual`	virtual
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Dell NetWorker <19.11 Dell / NetWorker		<19.11

CVE-2021-46973

Affected products

Known affected 11 products

Product	Identifier	Version
Open Source Linux Kernel <5.13 Open Source / Linux Kernel		<5.13
EMC Avamar EMC	`cpe:/a:emc:avamar:-`	—
IBM Business Automation Workflow 24.0.0 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:24.0.0`	24.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Dell NetWorker Dell / NetWorker	`cpe:/a:dell:networker:-`	—
Dell NetWorker virtual Dell / NetWorker	`cpe:/a:dell:networker:virtual`	virtual
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Dell NetWorker <19.11 Dell / NetWorker		<19.11

CVE-2021-46974

Affected products

Known affected 11 products

Product	Identifier	Version
Open Source Linux Kernel <5.13 Open Source / Linux Kernel		<5.13
EMC Avamar EMC	`cpe:/a:emc:avamar:-`	—
IBM Business Automation Workflow 24.0.0 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:24.0.0`	24.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Dell NetWorker Dell / NetWorker	`cpe:/a:dell:networker:-`	—
Dell NetWorker virtual Dell / NetWorker	`cpe:/a:dell:networker:virtual`	virtual
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Dell NetWorker <19.11 Dell / NetWorker		<19.11

CVE-2021-46975

Affected products

Known affected 11 products

Product	Identifier	Version
Open Source Linux Kernel <5.13 Open Source / Linux Kernel		<5.13
EMC Avamar EMC	`cpe:/a:emc:avamar:-`	—
IBM Business Automation Workflow 24.0.0 IBM / Business Automation Workflow	`cpe:/a:ibm:business_automation_workflow:24.0.0`	24.0.0
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
Dell NetWorker Dell / NetWorker	`cpe:/a:dell:networker:-`	—
Dell NetWorker virtual Dell / NetWorker	`cpe:/a:dell:networker:virtual`	virtual
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Dell NetWorker <19.11 Dell / NetWorker		<19.11

References

113 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
http://lore.kernel.org/linux-cve-announce/2024022…	external
http://lore.kernel.org/linux-cve-announce/2024022…	external
http://lore.kernel.org/linux-cve-announce/2024022…	external
http://lore.kernel.org/linux-cve-announce/2024022…	external
http://lore.kernel.org/linux-cve-announce/2024022…	external
http://lore.kernel.org/linux-cve-announce/2024022…	external
http://lore.kernel.org/linux-cve-announce/2024022…	external
http://lore.kernel.org/linux-cve-announce/2024022…	external
http://lore.kernel.org/linux-cve-announce/2024022…	external
http://lore.kernel.org/linux-cve-announce/2024022…	external
http://lore.kernel.org/linux-cve-announce/2024022…	external
http://lore.kernel.org/linux-cve-announce/2024022…	external
http://lore.kernel.org/linux-cve-announce/2024022…	external
http://lore.kernel.org/linux-cve-announce/2024022…	external
http://lore.kernel.org/linux-cve-announce/2024022…	external
http://lore.kernel.org/linux-cve-announce/2024022…	external
http://lore.kernel.org/linux-cve-announce/2024022…	external
http://lore.kernel.org/linux-cve-announce/2024022…	external
http://lore.kernel.org/linux-cve-announce/2024022…	external
http://lore.kernel.org/linux-cve-announce/2024022…	external
http://lore.kernel.org/linux-cve-announce/2024022…	external
http://lore.kernel.org/linux-cve-announce/2024022…	external
http://lore.kernel.org/linux-cve-announce/2024022…	external
http://lore.kernel.org/linux-cve-announce/2024022…	external
http://lore.kernel.org/linux-cve-announce/2024022…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://ubuntu.com/security/notices/USN-6739-1	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://www.dell.com/support/kbdoc/000224827/dsa-2024-=	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://www.dell.com/support/kbdoc/de-de/00022663…	external
https://linux.oracle.com/errata/ELSA-2024-4211.html	external
https://access.redhat.com/errata/RHSA-2024:4352	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://errata.build.resf.org/RLSA-2024:4352	external
https://errata.build.resf.org/RLSA-2024:4211	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://access.redhat.com/errata/RHSA-2024:4631	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://ubuntu.com/security/notices/USN-6938-1	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://www.dell.com/support/kbdoc/de-de/00022757…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.opensuse.org/archives/list/security…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://www.ibm.com/support/pages/node/7167662	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.opensuse.org/archives/list/security…	external
https://lists.opensuse.org/archives/list/security…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.opensuse.org/archives/list/security…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.opensuse.org/archives/list/security…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.opensuse.org/archives/list/security…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.opensuse.org/archives/list/security…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://access.redhat.com/errata/RHSA-2025:2265	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen nicht n\u00e4her spezifizierten Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0500 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0500.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0500 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0500"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022715-CVE-2021-46954-b856@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/20240227184057.2368370-10-gregkh@linuxfoundation.org/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/20240227184057.2368370-7-gregkh@linuxfoundation.org/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/20240227184057.2368370-8-gregkh@linuxfoundation.org/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/20240227184057.2368370-9-gregkh@linuxfoundation.org/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022718-CVE-2021-46955-b50b@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022718-CVE-2021-46956-df60@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022718-CVE-2021-46957-90af@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022718-CVE-2021-46958-53ff@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022718-CVE-2021-46960-f5ac@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022719-CVE-2021-46961-6212@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022719-CVE-2021-46962-e081@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022719-CVE-2021-46963-32a8@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022719-CVE-2021-46964-da8c@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022719-CVE-2021-46965-3b74@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022720-CVE-2021-46966-1469@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022720-CVE-2021-46967-c991@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022720-CVE-2021-46968-8c71@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022720-CVE-2021-46969-3263@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022720-CVE-2021-46970-de08@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022721-CVE-2021-46971-9534@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022721-CVE-2021-46972-2ec2@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022721-CVE-2021-46973-20ce@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022721-CVE-2021-46974-0852@gregkh/"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-27",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022721-CVE-2021-46975-248d@gregkh/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0857-1 vom 2024-03-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018154.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0856-1 vom 2024-03-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018155.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0926-1 vom 2024-03-22",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018204.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0925-1 vom 2024-03-22",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018205.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0976-1 vom 2024-03-22",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018185.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0975-1 vom 2024-03-22",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018186.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6739-1 vom 2024-04-19",
        "url": "https://ubuntu.com/security/notices/USN-6739-1"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1454-1 vom 2024-04-26",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018431.html"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2024-198 vom 2024-05-08",
        "url": "https://www.dell.com/support/kbdoc/000224827/dsa-2024-="
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1642-1 vom 2024-05-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018530.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1643-1 vom 2024-05-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018529.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1645-1 vom 2024-05-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018527.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1648-1 vom 2024-05-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018524.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1646-1 vom 2024-05-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018526.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1650-1 vom 2024-05-15",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018533.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1648-2 vom 2024-05-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018572.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1870-1 vom 2024-05-30",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018634.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1983-1 vom 2024-06-11",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018700.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2109-1 vom 2024-06-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018772.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2130-1 vom 2024-06-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018774.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2120-1 vom 2024-06-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018777.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2121-1 vom 2024-06-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018776.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2143-1 vom 2024-06-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018792.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2139-1 vom 2024-06-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018773.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2145-1 vom 2024-06-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018791.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2123-1 vom 2024-06-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018779.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2115-1 vom 2024-06-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018778.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2147-1 vom 2024-06-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018790.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2148-1 vom 2024-06-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018789.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2124-1 vom 2024-06-21",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018775.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2184-1 vom 2024-06-24",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018807.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2202-1 vom 2024-06-25",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018827.html"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2024-022 vom 2024-07-03",
        "url": "https://www.dell.com/support/kbdoc/de-de/000226633/dsa-2024-022-security-update-for-dell-networker-vproxy-multiple-component-vulnerabilities"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-4211 vom 2024-07-03",
        "url": "https://linux.oracle.com/errata/ELSA-2024-4211.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:4352 vom 2024-07-08",
        "url": "https://access.redhat.com/errata/RHSA-2024:4352"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2344-1 vom 2024-07-09",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018892.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2343-1 vom 2024-07-09",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018893.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2373-1 vom 2024-07-09",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018895.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2357-1 vom 2024-07-09",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018899.html"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2024:4352 vom 2024-07-15",
        "url": "https://errata.build.resf.org/RLSA-2024:4352"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2024:4211 vom 2024-07-15",
        "url": "https://errata.build.resf.org/RLSA-2024:4211"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2559-1 vom 2024-07-18",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018998.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:4631 vom 2024-07-18",
        "url": "https://access.redhat.com/errata/RHSA-2024:4631"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2558-1 vom 2024-07-18",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018999.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6938-1 vom 2024-07-31",
        "url": "https://ubuntu.com/security/notices/USN-6938-1"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2740-1 vom 2024-08-05",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019092.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2755-1 vom 2024-08-05",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019097.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2758-1 vom 2024-08-06",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019109.html"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2024-348 vom 2024-08-06",
        "url": "https://www.dell.com/support/kbdoc/de-de/000227573/dsa-2024-348-security-update-for-dell-avamar-dell-networker-virtual-edition-nve-and-dell-powerprotect-dp-series-appliance-dell-integrated-data-protection-appliance-idpa-security-update-for-multiple-vulnerabilities"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2773-1 vom 2024-08-06",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019112.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2822-1 vom 2024-08-08",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019154.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2821-1 vom 2024-08-08",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019155.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1465-1 vom 2024-08-19",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019273.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1489-1 vom 2024-08-19",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/D5LYDXV5ACGHUYO5XWLWD5VAOA5HLJ7U/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3015-1 vom 2024-08-27",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019309.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3044-1 vom 2024-08-27",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019321.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3037-1 vom 2024-08-27",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019326.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3034-1 vom 2024-08-27",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019315.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3048-1 vom 2024-08-27",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019320.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3043-1 vom 2024-08-27",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019322.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7167662 vom 2024-09-05",
        "url": "https://www.ibm.com/support/pages/node/7167662"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3642-1 vom 2024-10-15",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019612.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3649-1 vom 2024-10-16",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019619.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3663-1 vom 2024-10-16",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019624.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3662-1 vom 2024-10-16",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019625.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3652-1 vom 2024-10-16",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/XAOP5G7ENALTQ2BLIJROCRJ3STRXQOFY/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3651-1 vom 2024-10-16",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/VLAP2QXVEHLNNWBLHF53IAVX5KBCFJGW/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3803-1 vom 2024-10-30",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019712.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3796-1 vom 2024-10-30",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019700.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3814-1 vom 2024-10-30",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/QW54KPSGGX7Q3N4CIMSAGZRZY4WGZV2D/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3821-1 vom 2024-10-30",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019729.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3820-1 vom 2024-10-30",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019730.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3798-1 vom 2024-10-30",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019698.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4226-1 vom 2024-12-06",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-December/019950.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4249-1 vom 2024-12-06",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-December/019953.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4256-1 vom 2024-12-06",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/34BVCDIDBQSXQ6Y3TVDGD4FSZ7N3D3LI/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4242-1 vom 2024-12-06",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-December/019958.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4264-1 vom 2024-12-09",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/SZPUHL7SUZ57L3OJFO25IHYVDJ76ONGC/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4263-1 vom 2024-12-09",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-December/019971.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:0091-1 vom 2025-01-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-January/020100.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:0103-1 vom 2025-01-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-January/020115.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:0106-1 vom 2025-01-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-January/020113.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:0101-1 vom 2025-01-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-January/020116.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:0240-1 vom 2025-01-27",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/YCBYAV5OJRXD362FDCZUSIHNHOURONCF/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:0244-1 vom 2025-01-27",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-January/020222.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:2265 vom 2025-03-05",
        "url": "https://access.redhat.com/errata/RHSA-2025:2265"
      }
    ],
    "source_lang": "en-US",
    "title": "Linux Kernel: Mehrere Schwachstellen erm\u00f6glichen nicht spezifizierten Angriff",
    "tracking": {
      "current_release_date": "2025-03-04T23:00:00.000+00:00",
      "generator": {
        "date": "2025-03-05T09:42:34.061+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2024-0500",
      "initial_release_date": "2024-02-27T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-02-27T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-03-12T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-03-24T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-04-21T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-04-28T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-05-07T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Dell aufgenommen"
        },
        {
          "date": "2024-05-14T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-05-21T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-05-30T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-06-11T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-06-20T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-06-23T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-06-24T22:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-06-25T22:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-07-02T22:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von Dell und Oracle Linux aufgenommen"
        },
        {
          "date": "2024-07-07T22:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-07-09T22:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-07-15T22:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
        },
        {
          "date": "2024-07-18T22:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von SUSE und Red Hat aufgenommen"
        },
        {
          "date": "2024-07-31T22:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-08-05T22:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-08-06T22:00:00.000+00:00",
          "number": "22",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-08-08T22:00:00.000+00:00",
          "number": "23",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-08-19T22:00:00.000+00:00",
          "number": "24",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-08-26T22:00:00.000+00:00",
          "number": "25",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-08-27T22:00:00.000+00:00",
          "number": "26",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-09-05T22:00:00.000+00:00",
          "number": "27",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-10-15T22:00:00.000+00:00",
          "number": "28",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-10-16T22:00:00.000+00:00",
          "number": "29",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-10-30T23:00:00.000+00:00",
          "number": "30",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-12-08T23:00:00.000+00:00",
          "number": "31",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-12-09T23:00:00.000+00:00",
          "number": "32",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-01-13T23:00:00.000+00:00",
          "number": "33",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-01-14T23:00:00.000+00:00",
          "number": "34",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-01-26T23:00:00.000+00:00",
          "number": "35",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-01-27T23:00:00.000+00:00",
          "number": "36",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-03-04T23:00:00.000+00:00",
          "number": "37",
          "summary": "Neue Updates von Red Hat aufgenommen"
        }
      ],
      "status": "final",
      "version": "37"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Dell NetWorker",
                "product": {
                  "name": "Dell NetWorker",
                  "product_id": "T024663",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:networker:-"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "virtual",
                "product": {
                  "name": "Dell NetWorker virtual",
                  "product_id": "T034583",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:networker:virtual"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c19.11",
                "product": {
                  "name": "Dell NetWorker \u003c19.11",
                  "product_id": "T035785"
                }
              },
              {
                "category": "product_version",
                "name": "19.11",
                "product": {
                  "name": "Dell NetWorker 19.11",
                  "product_id": "T035785-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:networker:19.11"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "NetWorker"
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "EMC Avamar",
            "product": {
              "name": "EMC Avamar",
              "product_id": "T014381",
              "product_identification_helper": {
                "cpe": "cpe:/a:emc:avamar:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "EMC"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "24.0.0",
                "product": {
                  "name": "IBM Business Automation Workflow 24.0.0",
                  "product_id": "T036570",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:business_automation_workflow:24.0.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Business Automation Workflow"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c5.13",
                "product": {
                  "name": "Open Source Linux Kernel \u003c5.13",
                  "product_id": "T033114"
                }
              },
              {
                "category": "product_version",
                "name": "5.13",
                "product": {
                  "name": "Open Source Linux Kernel 5.13",
                  "product_id": "T033114-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:5.13"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Linux Kernel"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "RESF Rocky Linux",
            "product": {
              "name": "RESF Rocky Linux",
              "product_id": "T032255",
              "product_identification_helper": {
                "cpe": "cpe:/o:resf:rocky_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "RESF"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-46942",
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46942"
    },
    {
      "cve": "CVE-2021-46943",
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46943"
    },
    {
      "cve": "CVE-2021-46944",
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46944"
    },
    {
      "cve": "CVE-2021-46945",
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46945"
    },
    {
      "cve": "CVE-2021-46954",
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46954"
    },
    {
      "cve": "CVE-2021-46955",
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46955"
    },
    {
      "cve": "CVE-2021-46956",
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46956"
    },
    {
      "cve": "CVE-2021-46957",
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46957"
    },
    {
      "cve": "CVE-2021-46958",
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46958"
    },
    {
      "cve": "CVE-2021-46960",
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46960"
    },
    {
      "cve": "CVE-2021-46961",
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46961"
    },
    {
      "cve": "CVE-2021-46962",
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46962"
    },
    {
      "cve": "CVE-2021-46963",
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46963"
    },
    {
      "cve": "CVE-2021-46964",
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46964"
    },
    {
      "cve": "CVE-2021-46965",
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46965"
    },
    {
      "cve": "CVE-2021-46966",
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46966"
    },
    {
      "cve": "CVE-2021-46967",
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46967"
    },
    {
      "cve": "CVE-2021-46968",
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46968"
    },
    {
      "cve": "CVE-2021-46969",
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46969"
    },
    {
      "cve": "CVE-2021-46970",
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46970"
    },
    {
      "cve": "CVE-2021-46971",
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46971"
    },
    {
      "cve": "CVE-2021-46972",
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46972"
    },
    {
      "cve": "CVE-2021-46973",
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46973"
    },
    {
      "cve": "CVE-2021-46974",
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46974"
    },
    {
      "cve": "CVE-2021-46975",
      "product_status": {
        "known_affected": [
          "T033114",
          "T014381",
          "T036570",
          "T002207",
          "67646",
          "T000126",
          "T024663",
          "T034583",
          "T004914",
          "T032255",
          "T035785"
        ]
      },
      "release_date": "2024-02-27T23:00:00.000+00:00",
      "title": "CVE-2021-46975"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-46970 (GCVE-0-2021-46970)

BDU:2025-02995

FKIE_CVE-2021-46970

GHSA-JFX3-F7MG-7CP3

GSD-2021-46970

WID-SEC-W-2024-0500

Tags

Sightings

Nomenclature