Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistLinuxCVELIST:CVE-2021-46928
HistoryFeb 27, 2024 - 9:43 a.m.

CVE-2021-46928 parisc: Clear stale IIR value on instruction access rights trap

2024-02-2709:43:57
Linux
www.cve.org
linux kernel
parisc
instruction access rights
trap
vulnerability
memory region
cpu
patch

5.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

In the Linux kernel, the following vulnerability has been resolved:

parisc: Clear stale IIR value on instruction access rights trap

When a trap 7 (Instruction access rights) occurs, this means the CPU
couldn’t execute an instruction due to missing execute permissions on
the memory region. In this case it seems the CPU didn’t even fetched
the instruction from memory and thus did not store it in the cr19 (IIR)
register before calling the trap handler. So, the trap handler will find
some random old stale value in cr19.

This patch simply overwrites the stale IIR value with a constant magic
“bad food” value (0xbaadf00d), in the hope people don’t start to try to
understand the various random IIR values in trap 7 dumps.

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "arch/parisc/kernel/traps.c"
    ],
    "versions": [
      {
        "version": "1da177e4c3f4",
        "lessThan": "d01e9ce1af61",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "e96373f0a5f4",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "484730e5862f",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "arch/parisc/kernel/traps.c"
    ],
    "versions": [
      {
        "version": "5.10.90",
        "lessThanOrEqual": "5.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.15.13",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.16",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Related

ubuntucve 1
cve 1
redhatcve 1
nvd 1
prion 1
debiancve 1
nessus 2
openvas 2
ubuntucve
ubuntucve
CVE-2021-46928
2024-02-27 00:00:00
cve
cve
CVE-2021-46928
2024-02-27 10:15:07
redhatcve
redhatcve
CVE-2021-46928
2024-02-28 02:34:30
nvd
nvd
CVE-2021-46928
2024-02-27 10:15:07
prion
prion
Spoofing
2024-02-27 10:15:00
debiancve
debiancve
CVE-2021-46928
2024-02-27 10:15:07
nessus
nessus
EulerOS 2.0 SP10 : kernel (EulerOS-SA-2024-1570)
2024-05-09 00:00:00
EulerOS 2.0 SP10 : kernel (EulerOS-SA-2024-1592)
2024-05-09 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1570)
2024-05-10 00:00:00
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2024-1592)
2024-05-10 00:00:00

5.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON
Related for CVELIST:CVE-2021-46928
ubuntucve1cve1redhatcve1nvd1prion1debiancve1nessus2openvas2