CVE-2021-46990

{"id": "CVE-2021-46990", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-02-28T09:15:37.733", "references": [{"url": "https://git.kernel.org/stable/c/0b4eb172cc12dc102cd0ad013e53ee4463db9508", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/0c25a7bb697f2e6ee65b6d63782f675bf129511a", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/2db22ba4e0e103f00e0512e0ecce36ac78c644f8", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/5bc00fdda1e934c557351a9c751a205293e68cbf", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/8382b15864e5014261b4f36c2aa89723612ee058", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/aec86b052df6541cc97c5fca44e5934cbea4963b", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/d2e3590ca39ccfd8a5a46d8c7f095cb6c7b9ae92", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/dd0d6117052faace5440db20fc37175efe921c7d", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/ee4b7aab93c2631c3bb0753023c5dda592bb666b", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/0b4eb172cc12dc102cd0ad013e53ee4463db9508", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/0c25a7bb697f2e6ee65b6d63782f675bf129511a", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/2db22ba4e0e103f00e0512e0ecce36ac78c644f8", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/5bc00fdda1e934c557351a9c751a205293e68cbf", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/8382b15864e5014261b4f36c2aa89723612ee058", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/aec86b052df6541cc97c5fca44e5934cbea4963b", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/d2e3590ca39ccfd8a5a46d8c7f095cb6c7b9ae92", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/dd0d6117052faace5440db20fc37175efe921c7d", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/ee4b7aab93c2631c3bb0753023c5dda592bb666b", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/64s: Fix crashes when toggling entry flush barrier\n\nThe entry flush mitigation can be enabled/disabled at runtime via a\ndebugfs file (entry_flush), which causes the kernel to patch itself to\nenable/disable the relevant mitigations.\n\nHowever depending on which mitigation we're using, it may not be safe to\ndo that patching while other CPUs are active. For example the following\ncrash:\n\n sleeper[15639]: segfault (11) at c000000000004c20 nip c000000000004c20 lr c000000000004c20\n\nShows that we returned to userspace with a corrupted LR that points into\nthe kernel, due to executing the partially patched call to the fallback\nentry flush (ie. we missed the LR restore).\n\nFix it by doing the patching under stop machine. The CPUs that aren't\ndoing the patching will be spinning in the core of the stop machine\nlogic. That is currently sufficient for our purposes, because none of\nthe patching we do is to that code or anywhere in the vicinity."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: powerpc/64s: soluciona fallas al alternar la barrera de descarga de entrada. La mitigaci\u00f3n de descarga de entrada se puede habilitar/deshabilitar en tiempo de ejecuci\u00f3n a trav\u00e9s de un archivo debugfs (entry_flush), lo que hace que el kernel se parchee a s\u00ed mismo. habilitar/deshabilitar las mitigaciones relevantes. Sin embargo, dependiendo de la mitigaci\u00f3n que estemos usando, puede que no sea seguro aplicar ese parche mientras otras CPU est\u00e1n activas. Por ejemplo, el siguiente bloqueo: durmiente[15639]: segfault (11) en c000000000004c20 nip c000000000004c20 lr c000000000004c20 Muestra que regresamos al espacio de usuario con un LR corrupto que apunta al kernel, debido a la ejecuci\u00f3n de la llamada parcialmente parcheada a la entrada de respaldo descarga ( es decir, nos perdimos la restauraci\u00f3n de LR). Arr\u00e9glelo haciendo el parche debajo de detener la m\u00e1quina. Las CPU que no est\u00e9n aplicando los parches girar\u00e1n en el n\u00facleo de la l\u00f3gica de detenci\u00f3n de la m\u00e1quina. Actualmente, eso es suficiente para nuestros prop\u00f3sitos, porque ninguno de los parches que hacemos se aplica a ese c\u00f3digo ni a ning\u00fan lugar cercano."}], "lastModified": "2024-12-26T15:01:41.753", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "99E8C04F-867F-487B-913C-B3704B8232E8", "versionEndExcluding": "4.4.269", "versionStartIncluding": "4.4.245"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DDF10571-1100-4E56-B422-CD9F92FC7812", "versionEndExcluding": "4.9.269", "versionStartIncluding": "4.9.245"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C28A4D9B-B741-4832-92FE-F2DC9EB8B85B", "versionEndExcluding": "4.14.233", "versionStartIncluding": "4.14.208"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7AB9F40F-0FCE-4166-B98E-92F5910D7E30", "versionEndExcluding": "4.19.191", "versionStartIncluding": "4.19.159"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "570ECFEC-D2E2-4B02-9B0F-5E7BF80EF287", "versionEndExcluding": "5.4.120", "versionStartIncluding": "5.4.79"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8051E54C-C4D7-4B79-90C8-3C0B5A772262", "versionEndExcluding": "5.10.38", "versionStartIncluding": "5.10"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83B53E9A-F426-4C03-9A5F-A931FF79827E", "versionEndExcluding": "5.11.22", "versionStartIncluding": "5.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0274929A-B36C-4F4C-AB22-30A0DD6B995B", "versionEndExcluding": "5.12.5", "versionStartIncluding": "5.12"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0CBAD0FC-C281-4666-AB2F-F8E6E1165DF7"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}