In the Linux kernel, the following vulnerability has been resolved:

sched: Fix out-of-bound access in uclamp

Util-clamp places tasks in different buckets based on their clamp values for performance reasons. However, the size of buckets is currently computed using a rounding division, which can lead to an off-by-one error in some configurations.

For instance, with 20 buckets, the bucket size will be 1024/20=51. A task with a clamp of 1024 will be mapped to bucket id 1024/51=20. Sadly, correct indexes are in range [0,19], hence leading to an out of bound memory access.

Clamp the bucket id to fix the issue.
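
The arithmetic from the description, as an added user-space example (not the kernel's code): it reproduces the 20-bucket case and goes beyond it by scanning bucket counts 1 to 20 for the same off-by-one. The function names, `CAPACITY_SCALE` and the scanned range are assumptions made for illustration.

```c
#include <stdio.h>

#define CAPACITY_SCALE 1024u   /* maximum clamp value, per the advisory */

/* Bucket size via round-to-nearest division (the "rounding division"). */
static unsigned bucket_delta(unsigned buckets)
{
    return (CAPACITY_SCALE + buckets / 2) / buckets;
}

/* Pre-fix mapping: plain division of the clamp value by the bucket size. */
static unsigned bucket_id_unclamped(unsigned clamp, unsigned buckets)
{
    return clamp / bucket_delta(buckets);
}

/* Post-fix mapping: same division, capped at the last valid index. */
static unsigned bucket_id_clamped(unsigned clamp, unsigned buckets)
{
    unsigned id = bucket_id_unclamped(clamp, buckets);
    return id < buckets - 1 ? id : buckets - 1;
}

/* Count bucket counts in [lo, hi] for which the maximum clamp value
 * maps past the last valid index under the given mapping. */
static unsigned count_out_of_range(unsigned lo, unsigned hi,
                                   unsigned (*map)(unsigned, unsigned))
{
    unsigned n, bad = 0;
    for (n = lo; n <= hi; n++)
        if (map(CAPACITY_SCALE, n) >= n)
            bad++;
    return bad;
}

int main(void)
{
    unsigned n;
    for (n = 1; n <= 20; n++) {
        unsigned raw = bucket_id_unclamped(CAPACITY_SCALE, n);
        printf("buckets=%2u delta=%4u unclamped=%2u clamped=%2u%s\n",
               n, bucket_delta(n), raw, bucket_id_clamped(CAPACITY_SCALE, n),
               raw >= n ? "  <-- out of range" : "");
    }
    printf("out-of-range configs before clamp: %u, after: %u\n",
           count_out_of_range(1, 20, bucket_id_unclamped),
           count_out_of_range(1, 20, bucket_id_clamped));
    return 0;
}
```

The out-of-range index appears whenever the rounded bucket size times the bucket count does not exceed 1024, which includes counts that divide 1024 exactly.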

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | linux | < 5.4.0-80.90 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < 5.4.0-1054.57 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws-5.4 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure | < 5.4.0-1055.57 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-azure-5.4 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-bluefield | < 5.4.0-1016.19 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-gcp | < 5.4.0-1049.53 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-gcp-5.4 | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux-gke | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-gkeop | < 5.4.0-1021.22 | UNKNOWN |

git.kernel.org/linus/6d2f8909a5fabb73fe2a63918117943986c39b6c (5.13-rc1)
git.kernel.org/stable/c/3da3f804b82a0a382d523a21acf4cf3bb35f936d
git.kernel.org/stable/c/42ee47c7e3569d9a0e2cb5053c496d97d380472f
git.kernel.org/stable/c/687f523c134b7f0bd040ee1230f6d17990d54172
git.kernel.org/stable/c/6d2f8909a5fabb73fe2a63918117943986c39b6c
git.kernel.org/stable/c/f7347c85490b92dd144fa1fba9e1eca501656ab3
launchpad.net/bugs/cve/CVE-2021-46993
nvd.nist.gov/vuln/detail/CVE-2021-46993
security-tracker.debian.org/tracker/CVE-2021-46993
www.cve.org/CVERecord?id=CVE-2021-46993