{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-46916", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-25T13:45:52.719Z", "datePublished": "2024-02-27T06:53:54.775Z", "dateUpdated": "2024-12-19T07:31:45.588Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T07:31:45.588Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nixgbe: Fix NULL pointer dereference in ethtool loopback test\n\nThe ixgbe driver currently generates a NULL pointer dereference when\nperforming the ethtool loopback test. This is due to the fact that there\nisn't a q_vector associated with the test ring when it is setup as\ninterrupts are not normally added to the test rings.\n\nTo address this I have added code that will check for a q_vector before\nreturning a napi_id value. If a q_vector is not present it will return a\nvalue of 0."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/intel/ixgbe/ixgbe_main.c"], "versions": [{"version": "b02e5a0ebb172c8276cea3151942aac681f7a4a6", "lessThan": "758d19098df4b0bbca9f40d6ae6c82c9c18b9bba", "status": "affected", "versionType": "git"}, {"version": "b02e5a0ebb172c8276cea3151942aac681f7a4a6", "lessThan": "31166efb1cee348eb6314e9c0095d84cbeb66b9d", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/intel/ixgbe/ixgbe_main.c"], "versions": [{"version": "5.11", "status": "affected"}, {"version": "0", "lessThan": "5.11", "status": "unaffected", "versionType": "semver"}, {"version": "5.11.16", "lessThanOrEqual": "5.11.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.12", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/758d19098df4b0bbca9f40d6ae6c82c9c18b9bba"}, {"url": "https://git.kernel.org/stable/c/31166efb1cee348eb6314e9c0095d84cbeb66b9d"}], "title": "ixgbe: Fix NULL pointer dereference in ethtool loopback test", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:17:42.887Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/758d19098df4b0bbca9f40d6ae6c82c9c18b9bba", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/31166efb1cee348eb6314e9c0095d84cbeb66b9d", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-46916", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:02:07.223543Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:33:31.253Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/758d19098df4b0bbca9f40d6ae6c82c9c18b9bba", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/31166efb1cee348eb6314e9c0095d84cbeb66b9d", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:17:42.887Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-46916", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:02:07.223543Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:17.123Z"}}], "cna": {"title": "ixgbe: Fix NULL pointer dereference in ethtool loopback test", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "b02e5a0ebb172c8276cea3151942aac681f7a4a6", "lessThan": "758d19098df4b0bbca9f40d6ae6c82c9c18b9bba", "versionType": "git"}, {"status": "affected", "version": "b02e5a0ebb172c8276cea3151942aac681f7a4a6", "lessThan": "31166efb1cee348eb6314e9c0095d84cbeb66b9d", "versionType": "git"}], "programFiles": ["drivers/net/ethernet/intel/ixgbe/ixgbe_main.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.11"}, {"status": "unaffected", "version": "0", "lessThan": "5.11", "versionType": "semver"}, {"status": "unaffected", "version": "5.11.16", "versionType": "semver", "lessThanOrEqual": "5.11.*"}, {"status": "unaffected", "version": "5.12", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/net/ethernet/intel/ixgbe/ixgbe_main.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/758d19098df4b0bbca9f40d6ae6c82c9c18b9bba"}, {"url": "https://git.kernel.org/stable/c/31166efb1cee348eb6314e9c0095d84cbeb66b9d"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nixgbe: Fix NULL pointer dereference in ethtool loopback test\n\nThe ixgbe driver currently generates a NULL pointer dereference when\nperforming the ethtool loopback test. This is due to the fact that there\nisn't a q_vector associated with the test ring when it is setup as\ninterrupts are not normally added to the test rings.\n\nTo address this I have added code that will check for a q_vector before\nreturning a napi_id value. If a q_vector is not present it will return a\nvalue of 0."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T07:31:45.588Z"}}}, "cveMetadata": {"cveId": "CVE-2021-46916", "state": "PUBLISHED", "dateUpdated": "2024-12-19T07:31:45.588Z", "dateReserved": "2024-02-25T13:45:52.719Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-02-27T06:53:54.775Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3C5242B9-B5BD-4578-AD66-69DF59D54A14", "versionEndExcluding": "5.11.16", "versionStartIncluding": "5.11.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nixgbe: Fix NULL pointer dereference in ethtool loopback test\n\nThe ixgbe driver currently generates a NULL pointer dereference when\nperforming the ethtool loopback test. This is due to the fact that there\nisn't a q_vector associated with the test ring when it is setup as\ninterrupts are not normally added to the test rings.\n\nTo address this I have added code that will check for a q_vector before\nreturning a napi_id value. If a q_vector is not present it will return a\nvalue of 0."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ixgbe: corrige la desreferencia de puntero NULL en la prueba de bucle invertido de ethtool. El controlador ixgbe actualmente genera una desreferencia de puntero NULL cuando se realiza la prueba de bucle invertido de ethtool. Esto se debe al hecho de que no hay un q_vector asociado con el anillo de prueba cuando se configura, ya que normalmente no se agregan interrupciones a los anillos de prueba. Para solucionar esto, agregu\u00e9 un c\u00f3digo que verificar\u00e1 si hay un q_vector antes de devolver un valor de napi_id. Si un q_vector no est\u00e1 presente, devolver\u00e1 un valor de 0."}], "id": "CVE-2021-46916", "lastModified": "2024-11-21T06:34:55.573", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-27T07:15:08.250", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/31166efb1cee348eb6314e9c0095d84cbeb66b9d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/758d19098df4b0bbca9f40d6ae6c82c9c18b9bba"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/31166efb1cee348eb6314e9c0095d84cbeb66b9d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/758d19098df4b0bbca9f40d6ae6c82c9c18b9bba"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: NULL pointer dereference in ethtool loopback test", "id": "2266371", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266371"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nixgbe: Fix NULL pointer dereference in ethtool loopback test\nThe ixgbe driver currently generates a NULL pointer dereference when\nperforming the ethtool loopback test. This is due to the fact that there\nisn't a q_vector associated with the test ring when it is setup as\ninterrupts are not normally added to the test rings.\nTo address this I have added code that will check for a q_vector before\nreturning a napi_id value. If a q_vector is not present it will return a\nvalue of 0.", "A NULL pointer dereference flaw was found in ethtool loopback test in the Linux Kernel. This issue occurs due to a missing q_vector associated with the test ring when it is setup, as interrupts are not normally added to the test rings. Exploiting the vulnerability can result in system crash and denial of service attacks."], "mitigation": {"lang": "en:us", "value": "The vulnerable code is present in ixgbe driver supporting 82598 and 82599 based PCI express 10G network connections. The vulnerability can be mitigated by either not using these chipsets or upgrading to the latest software."}, "name": "CVE-2021-46916", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-02-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-46916\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-46916\nhttps://git.kernel.org/stable/c/31166efb1cee348eb6314e9c0095d84cbeb66b9d\nhttps://git.kernel.org/stable/c/758d19098df4b0bbca9f40d6ae6c82c9c18b9bba"], "statement": "Red Hat does not ship the vulnerable version of the kernel in any of its products.", "threat_severity": "Moderate", "upstream_fix": "kernel 5.12.10"}