FKIE_CVE-2021-46993

Vulnerability from fkie_nvd - Published: 2024-02-28 09:15 - Updated: 2024-12-24 14:40
Severity ?
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: sched: Fix out-of-bound access in uclamp Util-clamp places tasks in different buckets based on their clamp values for performance reasons. However, the size of buckets is currently computed using a rounding division, which can lead to an off-by-one error in some configurations. For instance, with 20 buckets, the bucket size will be 1024/20=51. A task with a clamp of 1024 will be mapped to bucket id 1024/51=20. Sadly, correct indexes are in range [0,19], hence leading to an out of bound memory access. Clamp the bucket id to fix the issue.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/3da3f804b82a0a382d523a21acf4cf3bb35f936dPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/42ee47c7e3569d9a0e2cb5053c496d97d380472fPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/687f523c134b7f0bd040ee1230f6d17990d54172Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/6d2f8909a5fabb73fe2a63918117943986c39b6cPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/f7347c85490b92dd144fa1fba9e1eca501656ab3Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/3da3f804b82a0a382d523a21acf4cf3bb35f936dPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/42ee47c7e3569d9a0e2cb5053c496d97d380472fPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/687f523c134b7f0bd040ee1230f6d17990d54172Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/6d2f8909a5fabb73fe2a63918117943986c39b6cPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/f7347c85490b92dd144fa1fba9e1eca501656ab3Patch
Impacted products
Vendor Product Version
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
linux linux_kernel *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E868B513-59E3-4DE6-AC7C-E0219F1AD2C8",
              "versionEndExcluding": "5.4.120",
              "versionStartIncluding": "5.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BB4E5E8-4AAD-475A-A1B9-F287254C7D72",
              "versionEndExcluding": "5.10.38",
              "versionStartIncluding": "5.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83B53E9A-F426-4C03-9A5F-A931FF79827E",
              "versionEndExcluding": "5.11.22",
              "versionStartIncluding": "5.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0274929A-B36C-4F4C-AB22-30A0DD6B995B",
              "versionEndExcluding": "5.12.5",
              "versionStartIncluding": "5.12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched: Fix out-of-bound access in uclamp\n\nUtil-clamp places tasks in different buckets based on their clamp values\nfor performance reasons. However, the size of buckets is currently\ncomputed using a rounding division, which can lead to an off-by-one\nerror in some configurations.\n\nFor instance, with 20 buckets, the bucket size will be 1024/20=51. A\ntask with a clamp of 1024 will be mapped to bucket id 1024/51=20. Sadly,\ncorrect indexes are in range [0,19], hence leading to an out of bound\nmemory access.\n\nClamp the bucket id to fix the issue."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: sched: corrige el acceso fuera de los l\u00edmites en uclamp Util-clamp coloca las tareas en diferentes dep\u00f3sitos seg\u00fan sus valores de fijaci\u00f3n por razones de rendimiento. Sin embargo, el tama\u00f1o de los dep\u00f3sitos se calcula actualmente mediante una divisi\u00f3n de redondeo, lo que puede provocar un error de uno por uno en algunas configuraciones. Por ejemplo, con 20 dep\u00f3sitos, el tama\u00f1o del dep\u00f3sito ser\u00e1 1024/20=51. Una tarea con una abrazadera de 1024 se asignar\u00e1 al ID del dep\u00f3sito 1024/51=20. Lamentablemente, los \u00edndices correctos est\u00e1n en el rango [0,19], lo que provoca un acceso a la memoria fuera de los l\u00edmites. Sujete la identificaci\u00f3n del dep\u00f3sito para solucionar el problema."
    }
  ],
  "id": "CVE-2021-46993",
  "lastModified": "2024-12-24T14:40:13.420",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-02-28T09:15:37.880",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/3da3f804b82a0a382d523a21acf4cf3bb35f936d"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/42ee47c7e3569d9a0e2cb5053c496d97d380472f"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/687f523c134b7f0bd040ee1230f6d17990d54172"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/6d2f8909a5fabb73fe2a63918117943986c39b6c"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/f7347c85490b92dd144fa1fba9e1eca501656ab3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/3da3f804b82a0a382d523a21acf4cf3bb35f936d"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/42ee47c7e3569d9a0e2cb5053c496d97d380472f"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/687f523c134b7f0bd040ee1230f6d17990d54172"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/6d2f8909a5fabb73fe2a63918117943986c39b6c"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/f7347c85490b92dd144fa1fba9e1eca501656ab3"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.