NVD

NOTICE UPDATED - April, 25th 2024

NIST has updated the NVD program announcement page with additional information regarding recent concerns and the temporary delays in enrichment efforts.

CVE-2021-46915 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_limit: avoid possible divide error in nft_limit_init div_u64() divides u64 by u32. nft_limit_init() wants to divide u64 by u64, use the appropriate math function (div64_u64) divide error: 0000 [#1] PREEMPT SMP KASAN CPU: 1 PID: 8390 Comm: syz-executor188 Not tainted 5.12.0-rc4-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:div_u64_rem include/linux/math64.h:28 [inline] RIP: 0010:div_u64 include/linux/math64.h:127 [inline] RIP: 0010:nft_limit_init+0x2a2/0x5e0 net/netfilter/nft_limit.c:85 Code: ef 4c 01 eb 41 0f 92 c7 48 89 de e8 38 a5 22 fa 4d 85 ff 0f 85 97 02 00 00 e8 ea 9e 22 fa 4c 0f af f3 45 89 ed 31 d2 4c 89 f0 <49> f7 f5 49 89 c6 e8 d3 9e 22 fa 48 8d 7d 48 48 b8 00 00 00 00 00 RSP: 0018:ffffc90009447198 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000200000000000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff875152e6 RDI: 0000000000000003 RBP: ffff888020f80908 R08: 0000200000000000 R09: 0000000000000000 R10: ffffffff875152d8 R11: 0000000000000000 R12: ffffc90009447270 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 FS: 000000000097a300(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000200001c4 CR3: 0000000026a52000 CR4: 00000000001506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: nf_tables_newexpr net/netfilter/nf_tables_api.c:2675 [inline] nft_expr_init+0x145/0x2d0 net/netfilter/nf_tables_api.c:2713 nft_set_elem_expr_alloc+0x27/0x280 net/netfilter/nf_tables_api.c:5160 nf_tables_newset+0x1997/0x3150 net/netfilter/nf_tables_api.c:4321 nfnetlink_rcv_batch+0x85a/0x21b0 net/netfilter/nfnetlink.c:456 nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:580 [inline] nfnetlink_rcv+0x3af/0x420 net/netfilter/nfnetlink.c:598 netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline] netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1338 netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1927 sock_sendmsg_nosec net/socket.c:654 [inline] sock_sendmsg+0xcf/0x120 net/socket.c:674 ____sys_sendmsg+0x6e8/0x810 net/socket.c:2350 ___sys_sendmsg+0xf3/0x170 net/socket.c:2404 __sys_sendmsg+0xe5/0x1b0 net/socket.c:2433 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 entry_SYSCALL_64_after_hwframe+0x44/0xae

Severity

CVSS 3.x Severity and Metrics:

NIST: NVD

Base Score: 5.5 MEDIUM

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

NVD Analysts use publicly available information to associate vector strings and CVSS scores. We also display any CVSS information provided within the CVE List from the CNA.

Note: NVD Analysts have published a CVSS score for this CVE based on publicly available information at the time of analysis. The CNA has not provided a score within the CVE List.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink	Resource
https://git.kernel.org/stable/c/01fb1626b620cb37a65ad08e0f626489e8f042ef	Patch
https://git.kernel.org/stable/c/1bb3ee4259936cc3b2d80a4a480bbb4868575071	Patch
https://git.kernel.org/stable/c/9065ccb9ec92c5120e7e97958397ebdb454f23d6	Patch
https://git.kernel.org/stable/c/b895bdf5d643b6feb7c60856326dd4feb6981560	Patch
https://git.kernel.org/stable/c/dc1732baa9da5b68621586bf8636ebbc27dc62d2	Patch
https://git.kernel.org/stable/c/fadd3c4afdf3d4c21f4d138502f8b76334987e26	Patch

Weakness Enumeration

CWE-ID	CWE Name	Source
CWE-369	Divide By Zero	NIST

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

2 change records found show changes

Initial Analysis by NIST 4/10/2024 9:55:34 AM

Action	Type	Old Value	New Value
Added	CPE Configuration		Record truncated, showing 500 of 553 characters. View Entire Change Record OR cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 4.13.0 up to (excluding) 4.14.232 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 4.15.0 up to (excluding) 4.19.189 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 4.20.0 up to (excluding) 5.4.114 cpe:2.3:o:linux:linux_kernel::::::::* versions from (including) 5.5.0 up to (excluding) 5.10.32 cpe:2.3:o:linux:linux_kernel::::::::* versi
Added	CVSS V3.1		NIST AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Added	CWE		NIST CWE-369
Changed	Reference Type	https://git.kernel.org/stable/c/01fb1626b620cb37a65ad08e0f626489e8f042ef No Types Assigned	https://git.kernel.org/stable/c/01fb1626b620cb37a65ad08e0f626489e8f042ef Patch
Changed	Reference Type	https://git.kernel.org/stable/c/1bb3ee4259936cc3b2d80a4a480bbb4868575071 No Types Assigned	https://git.kernel.org/stable/c/1bb3ee4259936cc3b2d80a4a480bbb4868575071 Patch
Changed	Reference Type	https://git.kernel.org/stable/c/9065ccb9ec92c5120e7e97958397ebdb454f23d6 No Types Assigned	https://git.kernel.org/stable/c/9065ccb9ec92c5120e7e97958397ebdb454f23d6 Patch
Changed	Reference Type	https://git.kernel.org/stable/c/b895bdf5d643b6feb7c60856326dd4feb6981560 No Types Assigned	https://git.kernel.org/stable/c/b895bdf5d643b6feb7c60856326dd4feb6981560 Patch
Changed	Reference Type	https://git.kernel.org/stable/c/dc1732baa9da5b68621586bf8636ebbc27dc62d2 No Types Assigned	https://git.kernel.org/stable/c/dc1732baa9da5b68621586bf8636ebbc27dc62d2 Patch
Changed	Reference Type	https://git.kernel.org/stable/c/fadd3c4afdf3d4c21f4d138502f8b76334987e26 No Types Assigned	https://git.kernel.org/stable/c/fadd3c4afdf3d4c21f4d138502f8b76334987e26 Patch

New CVE Received by NIST 2/27/2024 2:15:08 AM

Action	Type	New Value
Added	Description	Record truncated, showing 500 of 2502 characters. View Entire Change Record In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_limit: avoid possible divide error in nft_limit_init div_u64() divides u64 by u32. nft_limit_init() wants to divide u64 by u64, use the appropriate math function (div64_u64) divide error: 0000 [#1] PREEMPT SMP KASAN CPU: 1 PID: 8390 Comm: syz-executor188 Not tainted 5.12.0-rc4-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:div_u64_rem include/li
Added	Reference	Linux https://git.kernel.org/stable/c/01fb1626b620cb37a65ad08e0f626489e8f042ef [No types assigned]
Added	Reference	Linux https://git.kernel.org/stable/c/1bb3ee4259936cc3b2d80a4a480bbb4868575071 [No types assigned]
Added	Reference	Linux https://git.kernel.org/stable/c/9065ccb9ec92c5120e7e97958397ebdb454f23d6 [No types assigned]
Added	Reference	Linux https://git.kernel.org/stable/c/b895bdf5d643b6feb7c60856326dd4feb6981560 [No types assigned]
Added	Reference	Linux https://git.kernel.org/stable/c/dc1732baa9da5b68621586bf8636ebbc27dc62d2 [No types assigned]
Added	Reference	Linux https://git.kernel.org/stable/c/fadd3c4afdf3d4c21f4d138502f8b76334987e26 [No types assigned]

Quick Info

CVE Dictionary Entry:
CVE-2021-46915
NVD Published Date:
02/27/2024
NVD Last Modified:
04/10/2024
Source:
kernel.org

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database