Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve416baaa9-dc9f-4396-8d5f-8c081fb06d67CVE-2021-46969
HistoryFeb 27, 2024 - 7:04 p.m.

CVE-2021-46969

2024-02-2719:04:07
416baaa9-dc9f-4396-8d5f-8c081fb06d67
web.nvd.nist.gov
2481
linux kernel
cve-2021-46969
vulnerability
bus
mhi
core
error fix
use after free
skb case

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

In the Linux kernel, the following vulnerability has been resolved:

bus: mhi: core: Fix invalid error returning in mhi_queue

mhi_queue returns an error when the doorbell is not accessible in
the current state. This can happen when the device is in non M0
state, like M3, and needs to be waken-up prior ringing the DB. This
case is managed earlier by triggering an asynchronous M3 exit via
controller resume/suspend callbacks, that in turn will cause M0
transition and DB update.

So, since it’s not an error but just delaying of doorbell update, there
is no reason to return an error.

This also fixes a use after free error for skb case, indeed a caller
queuing skb will try to free the skb if the queueing fails, but in
that case queueing has been done.

Affected configurations

Vulners
Node
linuxlinux_kernelRange5.125.12.3
OR
linuxlinux_kernelRange5.13.0
VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/bus/mhi/core/main.c"
    ],
    "versions": [
      {
        "version": "a8f75cb348fd",
        "lessThan": "a99b661c3187",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "a8f75cb348fd",
        "lessThan": "0ecc1c70dcd3",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/bus/mhi/core/main.c"
    ],
    "versions": [
      {
        "version": "5.12",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "5.12",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.12.3",
        "lessThanOrEqual": "5.12.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.13",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Related

cvelist 1
nvd 1
ubuntucve 1
prion 1
redhatcve 1
debiancve 1
nessus 2
cvelist
cvelist
CVE-2021-46969 bus: mhi: core: Fix invalid error returning in mhi_queue
2024-02-27 18:47:05
nvd
nvd
CVE-2021-46969
2024-02-27 19:04:07
ubuntucve
ubuntucve
CVE-2021-46969
2024-02-27 00:00:00
prion
prion
Spoofing
2024-02-27 19:04:00
redhatcve
redhatcve
CVE-2021-46969
2024-02-29 06:02:06
debiancve
debiancve
CVE-2021-46969
2024-02-27 19:04:07
nessus
nessus
RHEL 6 : kernel (Unpatched Vulnerability)
2024-05-11 00:00:00
RHEL 7 : kernel (Unpatched Vulnerability)
2024-05-11 00:00:00

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON
Related for CVE-2021-46969
cvelist1nvd1ubuntucve1prion1redhatcve1debiancve1nessus2