CVE-2021-46994 (GCVE-0-2021-46994)

Vulnerability from cvelistv5 – Published: 2024-02-28 08:13 – Updated: 2025-05-04 07:01
VLAI?
Title
can: mcp251x: fix resume from sleep before interface was brought up
Summary
In the Linux kernel, the following vulnerability has been resolved: can: mcp251x: fix resume from sleep before interface was brought up Since 8ce8c0abcba3 the driver queues work via priv->restart_work when resuming after suspend, even when the interface was not previously enabled. This causes a null dereference error as the workqueue is only allocated and initialized in mcp251x_open(). To fix this we move the workqueue init to mcp251x_can_probe() as there is no reason to do it later and repeat it whenever mcp251x_open() is called. [mkl: fix error handling in mcp251x_stop()]
Severity ?
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: 8ce8c0abcba314e1fe954a1840f6568bf5aef2ef , < eecb4df8ec9f896b19ee05bfa632ac6c1dcd8f21 (git)
Affected: 8ce8c0abcba314e1fe954a1840f6568bf5aef2ef , < 6f8f1c27b577de15f69fefce3c502bb6300d825c (git)
Affected: 8ce8c0abcba314e1fe954a1840f6568bf5aef2ef , < e1e10a390fd9479209c4d834d916ca5e6d5d396b (git)
Affected: 8ce8c0abcba314e1fe954a1840f6568bf5aef2ef , < 03c427147b2d3e503af258711af4fc792b89b0af (git)
Create a notification for this product.
    Linux Linux Affected: 5.5
Unaffected: 0 , < 5.5 (semver)
Unaffected: 5.10.38 , ≤ 5.10.* (semver)
Unaffected: 5.11.22 , ≤ 5.11.* (semver)
Unaffected: 5.12.5 , ≤ 5.12.* (semver)
Unaffected: 5.13 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:24:38.558Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/eecb4df8ec9f896b19ee05bfa632ac6c1dcd8f21"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6f8f1c27b577de15f69fefce3c502bb6300d825c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e1e10a390fd9479209c4d834d916ca5e6d5d396b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/03c427147b2d3e503af258711af4fc792b89b0af"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-46994",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:00:58.367712Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:38.479Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/can/spi/mcp251x.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "eecb4df8ec9f896b19ee05bfa632ac6c1dcd8f21",
              "status": "affected",
              "version": "8ce8c0abcba314e1fe954a1840f6568bf5aef2ef",
              "versionType": "git"
            },
            {
              "lessThan": "6f8f1c27b577de15f69fefce3c502bb6300d825c",
              "status": "affected",
              "version": "8ce8c0abcba314e1fe954a1840f6568bf5aef2ef",
              "versionType": "git"
            },
            {
              "lessThan": "e1e10a390fd9479209c4d834d916ca5e6d5d396b",
              "status": "affected",
              "version": "8ce8c0abcba314e1fe954a1840f6568bf5aef2ef",
              "versionType": "git"
            },
            {
              "lessThan": "03c427147b2d3e503af258711af4fc792b89b0af",
              "status": "affected",
              "version": "8ce8c0abcba314e1fe954a1840f6568bf5aef2ef",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/can/spi/mcp251x.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.5"
            },
            {
              "lessThan": "5.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.38",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.11.*",
              "status": "unaffected",
              "version": "5.11.22",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.12.*",
              "status": "unaffected",
              "version": "5.12.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.38",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.11.22",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.12.5",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.13",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: mcp251x: fix resume from sleep before interface was brought up\n\nSince 8ce8c0abcba3 the driver queues work via priv-\u003erestart_work when\nresuming after suspend, even when the interface was not previously\nenabled. This causes a null dereference error as the workqueue is only\nallocated and initialized in mcp251x_open().\n\nTo fix this we move the workqueue init to mcp251x_can_probe() as there\nis no reason to do it later and repeat it whenever mcp251x_open() is\ncalled.\n\n[mkl: fix error handling in mcp251x_stop()]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:01:55.985Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/eecb4df8ec9f896b19ee05bfa632ac6c1dcd8f21"
        },
        {
          "url": "https://git.kernel.org/stable/c/6f8f1c27b577de15f69fefce3c502bb6300d825c"
        },
        {
          "url": "https://git.kernel.org/stable/c/e1e10a390fd9479209c4d834d916ca5e6d5d396b"
        },
        {
          "url": "https://git.kernel.org/stable/c/03c427147b2d3e503af258711af4fc792b89b0af"
        }
      ],
      "title": "can: mcp251x: fix resume from sleep before interface was brought up",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-46994",
    "datePublished": "2024-02-28T08:13:19.115Z",
    "dateReserved": "2024-02-27T18:42:55.949Z",
    "dateUpdated": "2025-05-04T07:01:55.985Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-46994\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-02-28T09:15:37.923\",\"lastModified\":\"2024-12-06T14:42:34.983\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ncan: mcp251x: fix resume from sleep before interface was brought up\\n\\nSince 8ce8c0abcba3 the driver queues work via priv-\u003erestart_work when\\nresuming after suspend, even when the interface was not previously\\nenabled. This causes a null dereference error as the workqueue is only\\nallocated and initialized in mcp251x_open().\\n\\nTo fix this we move the workqueue init to mcp251x_can_probe() as there\\nis no reason to do it later and repeat it whenever mcp251x_open() is\\ncalled.\\n\\n[mkl: fix error handling in mcp251x_stop()]\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: can: mcp251x: corregir la reanudaci\u00f3n desde la suspensi\u00f3n antes de que se activara la interfaz. Desde 8ce8c0abcba3, las colas de controladores funcionan a trav\u00e9s de priv-\u0026gt;restart_work cuando se reanudan despu\u00e9s de la suspensi\u00f3n, incluso cuando la interfaz no estaba habilitada previamente. Esto provoca un error de desreferencia nula ya que la cola de trabajo solo se asigna e inicializa en mcp251x_open(). Para solucionar este problema, movemos el inicio de la cola de trabajo a mcp251x_can_probe() ya que no hay raz\u00f3n para hacerlo m\u00e1s tarde y repetirlo cada vez que se llama a mcp251x_open(). [mkl: corregir el manejo de errores en mcp251x_stop()]\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5\",\"versionEndExcluding\":\"5.10.38\",\"matchCriteriaId\":\"2BB4E5E8-4AAD-475A-A1B9-F287254C7D72\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.11.22\",\"matchCriteriaId\":\"83B53E9A-F426-4C03-9A5F-A931FF79827E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.12\",\"versionEndExcluding\":\"5.12.5\",\"matchCriteriaId\":\"0274929A-B36C-4F4C-AB22-30A0DD6B995B\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/03c427147b2d3e503af258711af4fc792b89b0af\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/6f8f1c27b577de15f69fefce3c502bb6300d825c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/e1e10a390fd9479209c4d834d916ca5e6d5d396b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/eecb4df8ec9f896b19ee05bfa632ac6c1dcd8f21\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/03c427147b2d3e503af258711af4fc792b89b0af\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/6f8f1c27b577de15f69fefce3c502bb6300d825c\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/e1e10a390fd9479209c4d834d916ca5e6d5d396b\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/eecb4df8ec9f896b19ee05bfa632ac6c1dcd8f21\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://git.kernel.org/stable/c/eecb4df8ec9f896b19ee05bfa632ac6c1dcd8f21\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/6f8f1c27b577de15f69fefce3c502bb6300d825c\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/e1e10a390fd9479209c4d834d916ca5e6d5d396b\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/03c427147b2d3e503af258711af4fc792b89b0af\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T05:24:38.558Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-46994\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-10T16:00:58.367712Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-11T12:42:17.814Z\"}}], \"cna\": {\"title\": \"can: mcp251x: fix resume from sleep before interface was brought up\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"8ce8c0abcba314e1fe954a1840f6568bf5aef2ef\", \"lessThan\": \"eecb4df8ec9f896b19ee05bfa632ac6c1dcd8f21\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"8ce8c0abcba314e1fe954a1840f6568bf5aef2ef\", \"lessThan\": \"6f8f1c27b577de15f69fefce3c502bb6300d825c\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"8ce8c0abcba314e1fe954a1840f6568bf5aef2ef\", \"lessThan\": \"e1e10a390fd9479209c4d834d916ca5e6d5d396b\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"8ce8c0abcba314e1fe954a1840f6568bf5aef2ef\", \"lessThan\": \"03c427147b2d3e503af258711af4fc792b89b0af\", \"versionType\": \"git\"}], \"programFiles\": [\"drivers/net/can/spi/mcp251x.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.5\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"5.5\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"5.10.38\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.10.*\"}, {\"status\": \"unaffected\", \"version\": \"5.11.22\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.11.*\"}, {\"status\": \"unaffected\", \"version\": \"5.12.5\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.12.*\"}, {\"status\": \"unaffected\", \"version\": \"5.13\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"drivers/net/can/spi/mcp251x.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/eecb4df8ec9f896b19ee05bfa632ac6c1dcd8f21\"}, {\"url\": \"https://git.kernel.org/stable/c/6f8f1c27b577de15f69fefce3c502bb6300d825c\"}, {\"url\": \"https://git.kernel.org/stable/c/e1e10a390fd9479209c4d834d916ca5e6d5d396b\"}, {\"url\": \"https://git.kernel.org/stable/c/03c427147b2d3e503af258711af4fc792b89b0af\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\ncan: mcp251x: fix resume from sleep before interface was brought up\\n\\nSince 8ce8c0abcba3 the driver queues work via priv-\u003erestart_work when\\nresuming after suspend, even when the interface was not previously\\nenabled. This causes a null dereference error as the workqueue is only\\nallocated and initialized in mcp251x_open().\\n\\nTo fix this we move the workqueue init to mcp251x_can_probe() as there\\nis no reason to do it later and repeat it whenever mcp251x_open() is\\ncalled.\\n\\n[mkl: fix error handling in mcp251x_stop()]\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.10.38\", \"versionStartIncluding\": \"5.5\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.11.22\", \"versionStartIncluding\": \"5.5\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.12.5\", \"versionStartIncluding\": \"5.5\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.13\", \"versionStartIncluding\": \"5.5\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2025-05-04T07:01:55.985Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2021-46994\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-04T07:01:55.985Z\", \"dateReserved\": \"2024-02-27T18:42:55.949Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-02-28T08:13:19.115Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.