CVE-2021-46993

In the Linux kernel, the following vulnerability has been resolved: sched: Fix out-of-bound access in uclamp Util-clamp places tasks in different buckets based on their clamp values for performance reasons. However, the size of buckets is currently computed using a rounding division, which can lead to an off-by-one error in some configurations. For instance, with 20 buckets, the bucket size will be 1024/20=51. A task with a clamp of 1024 will be mapped to bucket id 1024/51=20. Sadly, correct indexes are in range [0,19], hence leading to an out of bound memory access. Clamp the bucket id to fix the issue.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/3da3f804b82a0a382d523a21acf4cf3bb35f936d	Patch
https://git.kernel.org/stable/c/42ee47c7e3569d9a0e2cb5053c496d97d380472f	Patch
https://git.kernel.org/stable/c/687f523c134b7f0bd040ee1230f6d17990d54172	Patch
https://git.kernel.org/stable/c/6d2f8909a5fabb73fe2a63918117943986c39b6c	Patch
https://git.kernel.org/stable/c/f7347c85490b92dd144fa1fba9e1eca501656ab3	Patch
https://git.kernel.org/stable/c/3da3f804b82a0a382d523a21acf4cf3bb35f936d	Patch
https://git.kernel.org/stable/c/42ee47c7e3569d9a0e2cb5053c496d97d380472f	Patch
https://git.kernel.org/stable/c/687f523c134b7f0bd040ee1230f6d17990d54172	Patch
https://git.kernel.org/stable/c/6d2f8909a5fabb73fe2a63918117943986c39b6c	Patch
https://git.kernel.org/stable/c/f7347c85490b92dd144fa1fba9e1eca501656ab3	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

No history.

Information

Published : 2024-02-28 09:15

Updated : 2024-12-24 14:40

NVD link : CVE-2021-46993

Mitre link : CVE-2021-46993

CVE.ORG link : CVE-2021-46993

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-125

Out-of-bounds Read

{"id": "CVE-2021-46993", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.8}]}, "published": "2024-02-28T09:15:37.880", "references": [{"url": "https://git.kernel.org/stable/c/3da3f804b82a0a382d523a21acf4cf3bb35f936d", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/42ee47c7e3569d9a0e2cb5053c496d97d380472f", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/687f523c134b7f0bd040ee1230f6d17990d54172", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/6d2f8909a5fabb73fe2a63918117943986c39b6c", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/f7347c85490b92dd144fa1fba9e1eca501656ab3", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/3da3f804b82a0a382d523a21acf4cf3bb35f936d", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/42ee47c7e3569d9a0e2cb5053c496d97d380472f", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/687f523c134b7f0bd040ee1230f6d17990d54172", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/6d2f8909a5fabb73fe2a63918117943986c39b6c", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/f7347c85490b92dd144fa1fba9e1eca501656ab3", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched: Fix out-of-bound access in uclamp\n\nUtil-clamp places tasks in different buckets based on their clamp values\nfor performance reasons. However, the size of buckets is currently\ncomputed using a rounding division, which can lead to an off-by-one\nerror in some configurations.\n\nFor instance, with 20 buckets, the bucket size will be 1024/20=51. A\ntask with a clamp of 1024 will be mapped to bucket id 1024/51=20. Sadly,\ncorrect indexes are in range [0,19], hence leading to an out of bound\nmemory access.\n\nClamp the bucket id to fix the issue."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: sched: corrige el acceso fuera de los l\u00edmites en uclamp Util-clamp coloca las tareas en diferentes dep\u00f3sitos seg\u00fan sus valores de fijaci\u00f3n por razones de rendimiento. Sin embargo, el tama\u00f1o de los dep\u00f3sitos se calcula actualmente mediante una divisi\u00f3n de redondeo, lo que puede provocar un error de uno por uno en algunas configuraciones. Por ejemplo, con 20 dep\u00f3sitos, el tama\u00f1o del dep\u00f3sito ser\u00e1 1024/20=51. Una tarea con una abrazadera de 1024 se asignar\u00e1 al ID del dep\u00f3sito 1024/51=20. Lamentablemente, los \u00edndices correctos est\u00e1n en el rango [0,19], lo que provoca un acceso a la memoria fuera de los l\u00edmites. Sujete la identificaci\u00f3n del dep\u00f3sito para solucionar el problema."}], "lastModified": "2024-12-24T14:40:13.420", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E868B513-59E3-4DE6-AC7C-E0219F1AD2C8", "versionEndExcluding": "5.4.120", "versionStartIncluding": "5.3"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2BB4E5E8-4AAD-475A-A1B9-F287254C7D72", "versionEndExcluding": "5.10.38", "versionStartIncluding": "5.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83B53E9A-F426-4C03-9A5F-A931FF79827E", "versionEndExcluding": "5.11.22", "versionStartIncluding": "5.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0274929A-B36C-4F4C-AB22-30A0DD6B995B", "versionEndExcluding": "5.12.5", "versionStartIncluding": "5.12"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}