{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-46909", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-25T13:45:52.718Z", "datePublished": "2024-02-27T06:53:50.181Z", "dateUpdated": "2024-08-04T05:17:42.879Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T04:58:40.717Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: footbridge: fix PCI interrupt mapping\n\nSince commit 30fdfb929e82 (\"PCI: Add a call to pci_assign_irq() in\npci_device_probe()\"), the PCI code will call the IRQ mapping function\nwhenever a PCI driver is probed. If these are marked as __init, this\ncauses an oops if a PCI driver is loaded or bound after the kernel has\ninitialised."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/arm/mach-footbridge/cats-pci.c", "arch/arm/mach-footbridge/ebsa285-pci.c", "arch/arm/mach-footbridge/netwinder-pci.c", "arch/arm/mach-footbridge/personal-pci.c"], "versions": [{"version": "30fdfb929e82", "lessThan": "532747fd5c7a", "status": "affected", "versionType": "git"}, {"version": "30fdfb929e82", "lessThan": "2643da6aa579", "status": "affected", "versionType": "git"}, {"version": "30fdfb929e82", "lessThan": "871b569a3e67", "status": "affected", "versionType": "git"}, {"version": "30fdfb929e82", "lessThan": "1fc087fdb98d", "status": "affected", "versionType": "git"}, {"version": "30fdfb929e82", "lessThan": "c3efce8cc980", "status": "affected", "versionType": "git"}, {"version": "30fdfb929e82", "lessThan": "30e3b4f256b4", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/arm/mach-footbridge/cats-pci.c", "arch/arm/mach-footbridge/ebsa285-pci.c", "arch/arm/mach-footbridge/netwinder-pci.c", "arch/arm/mach-footbridge/personal-pci.c"], "versions": [{"version": "4.13", "status": "affected"}, {"version": "0", "lessThan": "4.13", "status": "unaffected", "versionType": "custom"}, {"version": "4.14.232", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "custom"}, {"version": "4.19.189", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.4.114", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.10.32", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.11.16", "lessThanOrEqual": "5.11.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.12", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/532747fd5c7aaa17ee5cf79f3e947c31eb0e35cf"}, {"url": "https://git.kernel.org/stable/c/2643da6aa57920d9159a1a579fb04f89a2b0d29a"}, {"url": "https://git.kernel.org/stable/c/871b569a3e67f570df9f5ba195444dc7c621293b"}, {"url": "https://git.kernel.org/stable/c/1fc087fdb98d556b416c82ed6e3964a30885f47a"}, {"url": "https://git.kernel.org/stable/c/c3efce8cc9807339633ee30e39882f4c8626ee1d"}, {"url": "https://git.kernel.org/stable/c/30e3b4f256b4e366a61658c294f6a21b8626dda7"}], "title": "ARM: footbridge: fix PCI interrupt mapping", "x_generator": {"engine": "bippy-a5840b7849dd"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-46909", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-05T22:33:27.334758Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:13:15.270Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:17:42.879Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/532747fd5c7aaa17ee5cf79f3e947c31eb0e35cf", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2643da6aa57920d9159a1a579fb04f89a2b0d29a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/871b569a3e67f570df9f5ba195444dc7c621293b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1fc087fdb98d556b416c82ed6e3964a30885f47a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c3efce8cc9807339633ee30e39882f4c8626ee1d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/30e3b4f256b4e366a61658c294f6a21b8626dda7", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/532747fd5c7aaa17ee5cf79f3e947c31eb0e35cf", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2643da6aa57920d9159a1a579fb04f89a2b0d29a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/871b569a3e67f570df9f5ba195444dc7c621293b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1fc087fdb98d556b416c82ed6e3964a30885f47a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/c3efce8cc9807339633ee30e39882f4c8626ee1d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/30e3b4f256b4e366a61658c294f6a21b8626dda7", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:17:42.879Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-46909", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-05T22:33:27.334758Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:10.280Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "ARM: footbridge: fix PCI interrupt mapping", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "30fdfb929e82", "lessThan": "532747fd5c7a", "versionType": "git"}, {"status": "affected", "version": "30fdfb929e82", "lessThan": "2643da6aa579", "versionType": "git"}, {"status": "affected", "version": "30fdfb929e82", "lessThan": "871b569a3e67", "versionType": "git"}, {"status": "affected", "version": "30fdfb929e82", "lessThan": "1fc087fdb98d", "versionType": "git"}, {"status": "affected", "version": "30fdfb929e82", "lessThan": "c3efce8cc980", "versionType": "git"}, {"status": "affected", "version": "30fdfb929e82", "lessThan": "30e3b4f256b4", "versionType": "git"}], "programFiles": ["arch/arm/mach-footbridge/cats-pci.c", "arch/arm/mach-footbridge/ebsa285-pci.c", "arch/arm/mach-footbridge/netwinder-pci.c", "arch/arm/mach-footbridge/personal-pci.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4.13"}, {"status": "unaffected", "version": "0", "lessThan": "4.13", "versionType": "custom"}, {"status": "unaffected", "version": "4.14.232", "versionType": "custom", "lessThanOrEqual": "4.14.*"}, {"status": "unaffected", "version": "4.19.189", "versionType": "custom", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.114", "versionType": "custom", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.32", "versionType": "custom", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.11.16", "versionType": "custom", "lessThanOrEqual": "5.11.*"}, {"status": "unaffected", "version": "5.12", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["arch/arm/mach-footbridge/cats-pci.c", "arch/arm/mach-footbridge/ebsa285-pci.c", "arch/arm/mach-footbridge/netwinder-pci.c", "arch/arm/mach-footbridge/personal-pci.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/532747fd5c7aaa17ee5cf79f3e947c31eb0e35cf"}, {"url": "https://git.kernel.org/stable/c/2643da6aa57920d9159a1a579fb04f89a2b0d29a"}, {"url": "https://git.kernel.org/stable/c/871b569a3e67f570df9f5ba195444dc7c621293b"}, {"url": "https://git.kernel.org/stable/c/1fc087fdb98d556b416c82ed6e3964a30885f47a"}, {"url": "https://git.kernel.org/stable/c/c3efce8cc9807339633ee30e39882f4c8626ee1d"}, {"url": "https://git.kernel.org/stable/c/30e3b4f256b4e366a61658c294f6a21b8626dda7"}], "x_generator": {"engine": "bippy-a5840b7849dd"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: footbridge: fix PCI interrupt mapping\n\nSince commit 30fdfb929e82 (\"PCI: Add a call to pci_assign_irq() in\npci_device_probe()\"), the PCI code will call the IRQ mapping function\nwhenever a PCI driver is probed. If these are marked as __init, this\ncauses an oops if a PCI driver is loaded or bound after the kernel has\ninitialised."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T04:58:40.717Z"}}}, "cveMetadata": {"cveId": "CVE-2021-46909", "state": "PUBLISHED", "dateUpdated": "2024-08-04T05:17:42.879Z", "dateReserved": "2024-02-25T13:45:52.718Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-02-27T06:53:50.181Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B57FF6BE-DF15-4360-A821-3EE92F96F189", "versionEndExcluding": "4.14.232", "versionStartIncluding": "4.13.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8EEE5714-B0F5-40FB-9A6E-4BF3F2A51B2E", "versionEndExcluding": "4.19.189", "versionStartIncluding": "4.15.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "74CFBFBB-99A6-47E6-A16A-2A2E9F2A5A0D", "versionEndExcluding": "5.4.114", "versionStartIncluding": "4.20.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4EF3FA8C-FC42-4ADB-A80D-83E76B33E34F", "versionEndExcluding": "5.10.32", "versionStartIncluding": "5.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3C5242B9-B5BD-4578-AD66-69DF59D54A14", "versionEndExcluding": "5.11.16", "versionStartIncluding": "5.11.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: footbridge: fix PCI interrupt mapping\n\nSince commit 30fdfb929e82 (\"PCI: Add a call to pci_assign_irq() in\npci_device_probe()\"), the PCI code will call the IRQ mapping function\nwhenever a PCI driver is probed. If these are marked as __init, this\ncauses an oops if a PCI driver is loaded or bound after the kernel has\ninitialised."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ARM: footbridge: corrige el mapeo de interrupciones PCI Desde el commit 30fdfb929e82 (\"PCI: agregue una llamada a pci_assign_irq() en pci_device_probe()\"), el c\u00f3digo PCI llamar\u00e1 a la funci\u00f3n de mapeo IRQ cada vez que se prueba un controlador PCI. Si est\u00e1n marcados como __init, esto provoca un error si se carga o enlaza un controlador PCI despu\u00e9s de que el kernel se haya inicializado."}], "id": "CVE-2021-46909", "lastModified": "2024-04-17T16:57:37.127", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-27T07:15:07.130", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1fc087fdb98d556b416c82ed6e3964a30885f47a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2643da6aa57920d9159a1a579fb04f89a2b0d29a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/30e3b4f256b4e366a61658c294f6a21b8626dda7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/532747fd5c7aaa17ee5cf79f3e947c31eb0e35cf"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/871b569a3e67f570df9f5ba195444dc7c621293b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c3efce8cc9807339633ee30e39882f4c8626ee1d"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-754"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:4352", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.8.1.rt7.349.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-07-08T00:00:00Z"}, {"advisory": "RHSA-2024:4211", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.8.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-07-02T00:00:00Z"}], "bugzilla": {"description": "kernel: PCI interrupt mapping cause oops", "id": "2266408", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266408"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-391", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nARM: footbridge: fix PCI interrupt mapping\nSince commit 30fdfb929e82 (\"PCI: Add a call to pci_assign_irq() in\npci_device_probe()\"), the PCI code will call the IRQ mapping function\nwhenever a PCI driver is probed. If these are marked as __init, this\ncauses an oops if a PCI driver is loaded or bound after the kernel has\ninitialised."], "name": "CVE-2021-46909", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Under investigation", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Under investigation", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Under investigation", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-02-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-46909\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-46909\nhttps://git.kernel.org/stable/c/1fc087fdb98d556b416c82ed6e3964a30885f47a\nhttps://git.kernel.org/stable/c/2643da6aa57920d9159a1a579fb04f89a2b0d29a\nhttps://git.kernel.org/stable/c/30e3b4f256b4e366a61658c294f6a21b8626dda7\nhttps://git.kernel.org/stable/c/532747fd5c7aaa17ee5cf79f3e947c31eb0e35cf\nhttps://git.kernel.org/stable/c/871b569a3e67f570df9f5ba195444dc7c621293b\nhttps://git.kernel.org/stable/c/c3efce8cc9807339633ee30e39882f4c8626ee1d"], "statement": "This vulnerability only affects unusual configurations of specific CPUs and affects the availability of only some system hardware. For those reasons, Red Hat considers the impact of this vulnerability to be Low.", "threat_severity": "Low"}