CVE-2021-46908 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved:

bpf: Use correct permission flag for mixed signed bounds arithmetic

We forbid adding unknown scalars with mixed signed bounds due to the
spectre v1 masking mitigation. Hence this also needs bypass_spec_v1
flag instead of allow_ptr_leaks.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00004.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/4ccdc6c6cae38b91c871293fb0ed8c6845a61b51
https://git.kernel.org/stable/c/4f3ff11204eac0ee23acf64deecb3bad7b0db0c6
https://git.kernel.org/stable/c/9601148392520e2e134936e76788fc2a6371e7be
https://nvd.nist.gov/vuln/detail/CVE-2021-46908
https://www.cve.org/CVERecord?id=CVE-2021-46908

History

Tue, 05 Nov 2024 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-02-27T06:53:49.541Z

Updated: 2025-05-04T07:00:08.446Z

Reserved: 2024-02-25T13:45:52.718Z

Link: CVE-2021-46908

Vulnrichment

Updated: 2024-08-04T05:17:43.036Z

NVD

Status : Modified

Published: 2024-02-27T07:15:06.977

Modified: 2024-11-21T06:34:54.460

Link: CVE-2021-46908

Redhat

Severity : Moderate

Publid Date: 2024-02-27T00:00:00Z

Links: CVE-2021-46908 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-46908", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-25T13:45:52.718Z", "datePublished": "2024-02-27T06:53:49.541Z", "dateUpdated": "2025-05-04T07:00:08.446Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T07:00:08.446Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Use correct permission flag for mixed signed bounds arithmetic\n\nWe forbid adding unknown scalars with mixed signed bounds due to the\nspectre v1 masking mitigation. Hence this also needs bypass_spec_v1\nflag instead of allow_ptr_leaks."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/bpf/verifier.c"], "versions": [{"version": "2c78ee898d8f10ae6fb2fa23a3fbaec96b1b7366", "lessThan": "4f3ff11204eac0ee23acf64deecb3bad7b0db0c6", "status": "affected", "versionType": "git"}, {"version": "2c78ee898d8f10ae6fb2fa23a3fbaec96b1b7366", "lessThan": "4ccdc6c6cae38b91c871293fb0ed8c6845a61b51", "status": "affected", "versionType": "git"}, {"version": "2c78ee898d8f10ae6fb2fa23a3fbaec96b1b7366", "lessThan": "9601148392520e2e134936e76788fc2a6371e7be", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/bpf/verifier.c"], "versions": [{"version": "5.8", "status": "affected"}, {"version": "0", "lessThan": "5.8", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.32", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.11.16", "lessThanOrEqual": "5.11.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.12", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.8", "versionEndExcluding": "5.10.32"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.8", "versionEndExcluding": "5.11.16"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.8", "versionEndExcluding": "5.12"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/4f3ff11204eac0ee23acf64deecb3bad7b0db0c6"}, {"url": "https://git.kernel.org/stable/c/4ccdc6c6cae38b91c871293fb0ed8c6845a61b51"}, {"url": "https://git.kernel.org/stable/c/9601148392520e2e134936e76788fc2a6371e7be"}], "title": "bpf: Use correct permission flag for mixed signed bounds arithmetic", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-46908", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-27T15:41:34.586719Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:13:12.609Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:17:43.036Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/4f3ff11204eac0ee23acf64deecb3bad7b0db0c6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4ccdc6c6cae38b91c871293fb0ed8c6845a61b51", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9601148392520e2e134936e76788fc2a6371e7be", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/4f3ff11204eac0ee23acf64deecb3bad7b0db0c6", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/4ccdc6c6cae38b91c871293fb0ed8c6845a61b51", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9601148392520e2e134936e76788fc2a6371e7be", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:17:43.036Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-46908", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-27T15:41:34.586719Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:13.366Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "bpf: Use correct permission flag for mixed signed bounds arithmetic", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "2c78ee898d8f10ae6fb2fa23a3fbaec96b1b7366", "lessThan": "4f3ff11204eac0ee23acf64deecb3bad7b0db0c6", "versionType": "git"}, {"status": "affected", "version": "2c78ee898d8f10ae6fb2fa23a3fbaec96b1b7366", "lessThan": "4ccdc6c6cae38b91c871293fb0ed8c6845a61b51", "versionType": "git"}, {"status": "affected", "version": "2c78ee898d8f10ae6fb2fa23a3fbaec96b1b7366", "lessThan": "9601148392520e2e134936e76788fc2a6371e7be", "versionType": "git"}], "programFiles": ["kernel/bpf/verifier.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.8"}, {"status": "unaffected", "version": "0", "lessThan": "5.8", "versionType": "semver"}, {"status": "unaffected", "version": "5.10.32", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.11.16", "versionType": "semver", "lessThanOrEqual": "5.11.*"}, {"status": "unaffected", "version": "5.12", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["kernel/bpf/verifier.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/4f3ff11204eac0ee23acf64deecb3bad7b0db0c6"}, {"url": "https://git.kernel.org/stable/c/4ccdc6c6cae38b91c871293fb0ed8c6845a61b51"}, {"url": "https://git.kernel.org/stable/c/9601148392520e2e134936e76788fc2a6371e7be"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Use correct permission flag for mixed signed bounds arithmetic\n\nWe forbid adding unknown scalars with mixed signed bounds due to the\nspectre v1 masking mitigation. Hence this also needs bypass_spec_v1\nflag instead of allow_ptr_leaks."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.10.32", "versionStartIncluding": "5.8"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.11.16", "versionStartIncluding": "5.8"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.12", "versionStartIncluding": "5.8"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T07:00:08.446Z"}}}, "cveMetadata": {"cveId": "CVE-2021-46908", "state": "PUBLISHED", "dateUpdated": "2025-05-04T07:00:08.446Z", "dateReserved": "2024-02-25T13:45:52.718Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-02-27T06:53:49.541Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE87B38C-0350-471A-8830-58E1E02F7E2E", "versionEndExcluding": "5.10.32", "versionStartIncluding": "5.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3C5242B9-B5BD-4578-AD66-69DF59D54A14", "versionEndExcluding": "5.11.16", "versionStartIncluding": "5.11.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Use correct permission flag for mixed signed bounds arithmetic\n\nWe forbid adding unknown scalars with mixed signed bounds due to the\nspectre v1 masking mitigation. Hence this also needs bypass_spec_v1\nflag instead of allow_ptr_leaks."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: bpf: use el indicador de permiso correcto para aritm\u00e9tica de los l\u00edmites con signo mixto Prohibimos agregar escalares desconocidos con l\u00edmites con signo mixto debido a la mitigaci\u00f3n de enmascaramiento de Spectre v1. Por lo tanto, esto tambi\u00e9n necesita el indicador bypass_spec_v1 en lugar de enable_ptr_leaks."}], "id": "CVE-2021-46908", "lastModified": "2024-11-21T06:34:54.460", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-27T07:15:06.977", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4ccdc6c6cae38b91c871293fb0ed8c6845a61b51"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4f3ff11204eac0ee23acf64deecb3bad7b0db0c6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9601148392520e2e134936e76788fc2a6371e7be"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4ccdc6c6cae38b91c871293fb0ed8c6845a61b51"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4f3ff11204eac0ee23acf64deecb3bad7b0db0c6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9601148392520e2e134936e76788fc2a6371e7be"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: unknown scalars with mixed signed bounds masking mitigation", "id": "2266407", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266407"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H", "status": "draft"}, "cwe": "CWE-20", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nbpf: Use correct permission flag for mixed signed bounds arithmetic\nWe forbid adding unknown scalars with mixed signed bounds due to the\nspectre v1 masking mitigation. Hence this also needs bypass_spec_v1\nflag instead of allow_ptr_leaks.", "A flaw was found in the Linux Kernel. Adding unknown scalars with mixed signed bounds are forbidden due to the spectre v1 masking mitigation. Therefore, this needs the bypass_spec_v1 flag instead of allow_ptr_leaks."], "name": "CVE-2021-46908", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-02-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-46908\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-46908\nhttps://git.kernel.org/stable/c/4ccdc6c6cae38b91c871293fb0ed8c6845a61b51\nhttps://git.kernel.org/stable/c/4f3ff11204eac0ee23acf64deecb3bad7b0db0c6\nhttps://git.kernel.org/stable/c/9601148392520e2e134936e76788fc2a6371e7be"], "threat_severity": "Moderate"}