Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2021-46951

Severity CVSS v4.0:
Pending analysis
Type:
CWE-191 Integer Underflow (Wrap or Wraparound)
Publication date:
27/02/2024
Last modified:
10/04/2024

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> tpm: efi: Use local variable for calculating final log size<br /> <br /> When tpm_read_log_efi is called multiple times, which happens when<br /> one loads and unloads a TPM2 driver multiple times, then the global<br /> variable efi_tpm_final_log_size will at some point become a negative<br /> number due to the subtraction of final_events_preboot_size occurring<br /> each time. Use a local variable to avoid this integer underflow.<br /> <br /> The following issue is now resolved:<br /> <br /> Mar 8 15:35:12 hibinst kernel: Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015<br /> Mar 8 15:35:12 hibinst kernel: Workqueue: tpm-vtpm vtpm_proxy_work [tpm_vtpm_proxy]<br /> Mar 8 15:35:12 hibinst kernel: RIP: 0010:__memcpy+0x12/0x20<br /> Mar 8 15:35:12 hibinst kernel: Code: 00 b8 01 00 00 00 85 d2 74 0a c7 05 44 7b ef 00 0f 00 00 00 c3 cc cc cc 66 66 90 66 90 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07 48 a5 89 d1 f3 a4 c3 66 0f 1f 44 00 00 48 89 f8 48 89 d1 f3 a4<br /> Mar 8 15:35:12 hibinst kernel: RSP: 0018:ffff9ac4c0fcfde0 EFLAGS: 00010206<br /> Mar 8 15:35:12 hibinst kernel: RAX: ffff88f878cefed5 RBX: ffff88f878ce9000 RCX: 1ffffffffffffe0f<br /> Mar 8 15:35:12 hibinst kernel: RDX: 0000000000000003 RSI: ffff9ac4c003bff9 RDI: ffff88f878cf0e4d<br /> Mar 8 15:35:12 hibinst kernel: RBP: ffff9ac4c003b000 R08: 0000000000001000 R09: 000000007e9d6073<br /> Mar 8 15:35:12 hibinst kernel: R10: ffff9ac4c003b000 R11: ffff88f879ad3500 R12: 0000000000000ed5<br /> Mar 8 15:35:12 hibinst kernel: R13: ffff88f878ce9760 R14: 0000000000000002 R15: ffff88f77de7f018<br /> Mar 8 15:35:12 hibinst kernel: FS: 0000000000000000(0000) GS:ffff88f87bd00000(0000) knlGS:0000000000000000<br /> Mar 8 15:35:12 hibinst kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> Mar 8 15:35:12 hibinst kernel: CR2: ffff9ac4c003c000 CR3: 00000001785a6004 CR4: 0000000000060ee0<br /> Mar 8 15:35:12 hibinst kernel: Call Trace:<br /> Mar 8 15:35:12 hibinst kernel: tpm_read_log_efi+0x152/0x1a7<br /> Mar 8 15:35:12 hibinst kernel: tpm_bios_log_setup+0xc8/0x1c0<br /> Mar 8 15:35:12 hibinst kernel: tpm_chip_register+0x8f/0x260<br /> Mar 8 15:35:12 hibinst kernel: vtpm_proxy_work+0x16/0x60 [tpm_vtpm_proxy]<br /> Mar 8 15:35:12 hibinst kernel: process_one_work+0x1b4/0x370<br /> Mar 8 15:35:12 hibinst kernel: worker_thread+0x53/0x3e0<br /> Mar 8 15:35:12 hibinst kernel: ? process_one_work+0x370/0x370

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 5.50 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x
5.50
Severity 3.x
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.3.0 (including) 5.4.118 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.5.0 (including) 5.10.36 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.11.0 (including) 5.11.20 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.12.0 (including) 5.12.3 (excluding)

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools