CVE-2021-46953

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

27/02/2024

Last modified:

10/04/2024

Description

In the Linux kernel, the following vulnerability has been resolved: ACPI: GTDT: Don&#39;t corrupt interrupt mappings on watchdow probe failure When failing the driver probe because of invalid firmware properties, the GTDT driver unmaps the interrupt that it mapped earlier. However, it never checks whether the mapping of the interrupt actially succeeded. Even more, should the firmware report an illegal interrupt number that overlaps with the GIC SGI range, this can result in an IPI being unmapped, and subsequent fireworks (as reported by Dann Frazier). Rework the driver to have a slightly saner behaviour and actually check whether the interrupt has been mapped before unmapping things.

Impact

Vector 3.x

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS v3.1 Severity and Metrics:

Base Score: 6.70 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): High
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

Base Score 3.x

6.70

Severity 3.x

MEDIUM

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:o:linux:linux_kernel::::::::	4.12.0 (including)	4.14.233 (excluding)
cpe:2.3:o:linux:linux_kernel::::::::	4.15.0 (including)	4.19.191 (excluding)
cpe:2.3:o:linux:linux_kernel::::::::	4.20.0 (including)	5.4.118 (excluding)
cpe:2.3:o:linux:linux_kernel::::::::	5.5.0 (including)	5.10.36 (excluding)
cpe:2.3:o:linux:linux_kernel::::::::	5.11.0 (including)	5.11.20 (excluding)
cpe:2.3:o:linux:linux_kernel::::::::	5.12.0 (including)	5.12.3 (excluding)

To consult the complete list of CPE names with products and versions, see this page

CVE-2021-46953

Description

Impact

Vulnerable products and versions

References to Advisories, Solutions, and Tools