NVD

CVE-2021-46990 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Fix crashes when toggling entry flush barrier The entry flush mitigation can be enabled/disabled at runtime via a debugfs file (entry_flush), which causes the kernel to patch itself to enable/disable the relevant mitigations. However depending on which mitigation we're using, it may not be safe to do that patching while other CPUs are active. For example the following crash: sleeper[15639]: segfault (11) at c000000000004c20 nip c000000000004c20 lr c000000000004c20 Shows that we returned to userspace with a corrupted LR that points into the kernel, due to executing the partially patched call to the fallback entry flush (ie. we missed the LR restore). Fix it by doing the patching under stop machine. The CPUs that aren't doing the patching will be spinning in the core of the stop machine logic. That is currently sufficient for our purposes, because none of the patching we do is to that code or anywhere in the vicinity.

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST: NVD

N/A

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST: NVD

Base Score: 5.5 MEDIUM

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0 Severity and Vector Strings:

National Institute of Standards and Technology

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL	Source(s)	Tag(s)
https://git.kernel.org/stable/c/0b4eb172cc12dc102cd0ad013e53ee4463db9508	CVE, kernel.org	Patch
https://git.kernel.org/stable/c/0c25a7bb697f2e6ee65b6d63782f675bf129511a	CVE, kernel.org	Patch
https://git.kernel.org/stable/c/2db22ba4e0e103f00e0512e0ecce36ac78c644f8	CVE, kernel.org	Patch
https://git.kernel.org/stable/c/5bc00fdda1e934c557351a9c751a205293e68cbf	CVE, kernel.org	Patch
https://git.kernel.org/stable/c/8382b15864e5014261b4f36c2aa89723612ee058	CVE, kernel.org	Patch
https://git.kernel.org/stable/c/aec86b052df6541cc97c5fca44e5934cbea4963b	CVE, kernel.org	Patch
https://git.kernel.org/stable/c/d2e3590ca39ccfd8a5a46d8c7f095cb6c7b9ae92	CVE, kernel.org	Patch
https://git.kernel.org/stable/c/dd0d6117052faace5440db20fc37175efe921c7d	CVE, kernel.org	Patch
https://git.kernel.org/stable/c/ee4b7aab93c2631c3bb0753023c5dda592bb666b	CVE, kernel.org	Patch

Weakness Enumeration

CWE-ID	CWE Name	Source
NVD-CWE-noinfo	Insufficient Information	NIST

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

6 change records found show changes

Reanalysis by NIST 12/26/2024 10:01:41 AM

Action

Type

Old Value

New Value

Changed

CPE Configuration

OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.4.245 up to (excluding) 4.4.269
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.9.245 up to (excluding) 4.9.269
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.14.208 up to (excluding) 4.14.233
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.19.159 up to (excluding) 4.19.191
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.4.79 up to (excluding) 5.4.120
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.10 up to (excluding) 5.10.38
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.11.22
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.12 up to (excluding) 5.12.5
     *cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:*
     *cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:*
     *cpe:2.3:o:linux:linux_kernel:5.13:rc3:*:*:*:*:*:*
     *cpe:2.3:o:linux:linux_kernel:5.13:rc4:*:*:*:*:*:*
     *cpe:2.3:o:linux:linux_kernel:5.13:rc5:*:*:*:*:*:*
     *cpe:2.3:o:linux:linux_kernel:5.13:rc6:*:*:*:*:*:*
     *cpe:2.3:o:linux:linux_kernel:5.13:rc7:*:*:*:*:*:*

OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.4.245 up to (excluding) 4.4.269
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.9.245 up to (excluding) 4.9.269
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.14.208 up to (excluding) 4.14.233
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.19.159 up to (excluding) 4.19.191
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.4.79 up to (excluding) 5.4.120
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.10 up to (excluding) 5.10.38
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.11.22
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.12 up to (excluding) 5.12.5
     *cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:*

Initial Analysis by NIST 12/24/2024 9:30:57 AM

CVE Modified by CVE 11/21/2024 1:35:08 AM

Action	Type	New Value
Added	Reference	https://git.kernel.org/stable/c/0b4eb172cc12dc102cd0ad013e53ee4463db9508
Added	Reference	https://git.kernel.org/stable/c/0c25a7bb697f2e6ee65b6d63782f675bf129511a
Added	Reference	https://git.kernel.org/stable/c/2db22ba4e0e103f00e0512e0ecce36ac78c644f8
Added	Reference	https://git.kernel.org/stable/c/5bc00fdda1e934c557351a9c751a205293e68cbf
Added	Reference	https://git.kernel.org/stable/c/8382b15864e5014261b4f36c2aa89723612ee058
Added	Reference	https://git.kernel.org/stable/c/aec86b052df6541cc97c5fca44e5934cbea4963b
Added	Reference	https://git.kernel.org/stable/c/d2e3590ca39ccfd8a5a46d8c7f095cb6c7b9ae92
Added	Reference	https://git.kernel.org/stable/c/dd0d6117052faace5440db20fc37175efe921c7d
Added	Reference	https://git.kernel.org/stable/c/ee4b7aab93c2631c3bb0753023c5dda592bb666b

New CVE Received from kernel.org 2/28/2024 4:15:37 AM

Action	Type	New Value
Added	Description	In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Fix crashes when toggling entry flush barrier The entry flush mitigation can be enabled/disabled at runtime via a debugfs file (entry_flush), which causes the kernel to patch itself to enable/disable the relevant mitigations. However depending on which mitigation we're using, it may not be safe to do that patching while other CPUs are active. For example the following crash: sleeper[15639]: segfault (11) at c000000000004c20 nip c000000000004c20 lr c000000000004c20 Shows that we returned to userspace with a corrupted LR that points into the kernel, due to executing the partially patched call to the fallback entry flush (ie. we missed the LR restore). Fix it by doing the patching under stop machine. The CPUs that aren't doing the patching will be spinning in the core of the stop machine logic. That is currently sufficient for our purposes, because none of the patching we do is to that code or anywhere in the vicinity.
Added	Reference	Linux https://git.kernel.org/stable/c/0b4eb172cc12dc102cd0ad013e53ee4463db9508 [No types assigned]
Added	Reference	Linux https://git.kernel.org/stable/c/0c25a7bb697f2e6ee65b6d63782f675bf129511a [No types assigned]
Added	Reference	Linux https://git.kernel.org/stable/c/2db22ba4e0e103f00e0512e0ecce36ac78c644f8 [No types assigned]
Added	Reference	Linux https://git.kernel.org/stable/c/5bc00fdda1e934c557351a9c751a205293e68cbf [No types assigned]
Added	Reference	Linux https://git.kernel.org/stable/c/8382b15864e5014261b4f36c2aa89723612ee058 [No types assigned]
Added	Reference	Linux https://git.kernel.org/stable/c/aec86b052df6541cc97c5fca44e5934cbea4963b [No types assigned]
Added	Reference	Linux https://git.kernel.org/stable/c/d2e3590ca39ccfd8a5a46d8c7f095cb6c7b9ae92 [No types assigned]
Added	Reference	Linux https://git.kernel.org/stable/c/dd0d6117052faace5440db20fc37175efe921c7d [No types assigned]
Added	Reference	Linux https://git.kernel.org/stable/c/ee4b7aab93c2631c3bb0753023c5dda592bb666b [No types assigned]

Quick Info

CVE Dictionary Entry:
CVE-2021-46990
NVD Published Date:
02/28/2024
NVD Last Modified:
12/26/2024
Source:
kernel.org

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

CVE-2021-46990 Detail

Description

Metrics

References to Advisories, Solutions, and Tools

Weakness Enumeration

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Change History

Reanalysis by NIST 12/26/2024 10:01:41 AM

Initial Analysis by NIST 12/24/2024 9:30:57 AM

CVE Modified by CVE 11/21/2024 1:35:08 AM

CVE Modified by kernel.org 5/28/2024 4:15:31 PM

CVE Modified by kernel.org 5/14/2024 5:46:01 AM

New CVE Received from kernel.org 2/28/2024 4:15:37 AM

Quick Info