CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
5.1%
In the Linux kernel, the following vulnerability has been resolved: tpm:
efi: Use local variable for calculating final log size When
tpm_read_log_efi is called multiple times, which happens when one loads and
unloads a TPM2 driver multiple times, then the global variable
efi_tpm_final_log_size will at some point become a negative number due to
the subtraction of final_events_preboot_size occurring each time. Use a
local variable to avoid this integer underflow. The following issue is now
resolved: Mar 8 15:35:12 hibinst kernel: Hardware name: QEMU Standard PC
(Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 Mar 8 15:35:12 hibinst kernel:
Workqueue: tpm-vtpm vtpm_proxy_work [tpm_vtpm_proxy] Mar 8 15:35:12 hibinst
kernel: RIP: 0010:__memcpy+0x12/0x20 Mar 8 15:35:12 hibinst kernel: Code:
00 b8 01 00 00 00 85 d2 74 0a c7 05 44 7b ef 00 0f 00 00 00 c3 cc cc cc 66
66 90 66 90 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4
c3 66 0f 1f 44 00 00 48 89 f8 48 89 d1 f3 a4 Mar 8 15:35:12 hibinst kernel:
RSP: 0018:ffff9ac4c0fcfde0 EFLAGS: 00010206 Mar 8 15:35:12 hibinst kernel:
RAX: ffff88f878cefed5 RBX: ffff88f878ce9000 RCX: 1ffffffffffffe0f Mar 8
15:35:12 hibinst kernel: RDX: 0000000000000003 RSI: ffff9ac4c003bff9 RDI:
ffff88f878cf0e4d Mar 8 15:35:12 hibinst kernel: RBP: ffff9ac4c003b000 R08:
0000000000001000 R09: 000000007e9d6073 Mar 8 15:35:12 hibinst kernel: R10:
ffff9ac4c003b000 R11: ffff88f879ad3500 R12: 0000000000000ed5 Mar 8 15:35:12
hibinst kernel: R13: ffff88f878ce9760 R14: 0000000000000002 R15:
ffff88f77de7f018 Mar 8 15:35:12 hibinst kernel: FS: 0000000000000000(0000)
GS:ffff88f87bd00000(0000) knlGS:0000000000000000 Mar 8 15:35:12 hibinst
kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 Mar 8 15:35:12
hibinst kernel: CR2: ffff9ac4c003c000 CR3: 00000001785a6004 CR4:
0000000000060ee0 Mar 8 15:35:12 hibinst kernel: Call Trace: Mar 8 15:35:12
hibinst kernel: tpm_read_log_efi+0x152/0x1a7 Mar 8 15:35:12 hibinst kernel:
tpm_bios_log_setup+0xc8/0x1c0 Mar 8 15:35:12 hibinst kernel:
tpm_chip_register+0x8f/0x260 Mar 8 15:35:12 hibinst kernel:
vtpm_proxy_work+0x16/0x60 [tpm_vtpm_proxy] Mar 8 15:35:12 hibinst kernel:
process_one_work+0x1b4/0x370 Mar 8 15:35:12 hibinst kernel:
worker_thread+0x53/0x3e0 Mar 8 15:35:12 hibinst kernel: ?
process_one_work+0x370/0x370
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | linux | < 5.4.0-77.86 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < 5.4.0-1051.53 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws-5.4 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure | < 5.4.0-1051.53 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-azure-5.4 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-bluefield | < 5.4.0-1013.16 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-gcp | < 5.4.0-1046.49 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-gcp-5.4 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-gkeop | < 5.4.0-1018.19 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-hwe-5.4 | < any | UNKNOWN |
git.kernel.org/linus/48cff270b037022e37835d93361646205ca25101 (5.13-rc1)
git.kernel.org/stable/c/2f12258b5224cfaa808c54fd29345f3c1cbfca76
git.kernel.org/stable/c/3818b753277f5ca0c170bf5b98e0a5a225542fcb
git.kernel.org/stable/c/48cff270b037022e37835d93361646205ca25101
git.kernel.org/stable/c/60a01ecc9f68067e4314a0b55148e39e5d58a51b
git.kernel.org/stable/c/ac07c557ca12ec9276c0375517bac7ae5be4e50c
launchpad.net/bugs/cve/CVE-2021-46951
nvd.nist.gov/vuln/detail/CVE-2021-46951
security-tracker.debian.org/tracker/CVE-2021-46951
www.cve.org/CVERecord?id=CVE-2021-46951