{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-46917", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-25T13:45:52.719Z", "datePublished": "2024-02-27T06:53:55.427Z", "dateUpdated": "2024-08-04T05:17:43.010Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T04:58:49.060Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: fix wq cleanup of WQCFG registers\n\nA pre-release silicon erratum workaround where wq reset does not clear\nWQCFG registers was leaked into upstream code. Use wq reset command\ninstead of blasting the MMIO region. This also address an issue where\nwe clobber registers in future devices."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/dma/idxd/device.c", "drivers/dma/idxd/idxd.h", "drivers/dma/idxd/sysfs.c"], "versions": [{"version": "da32b28c95a7", "lessThan": "e5eb9757fe4c", "status": "affected", "versionType": "git"}, {"version": "da32b28c95a7", "lessThan": "f7dc8f561916", "status": "affected", "versionType": "git"}, {"version": "da32b28c95a7", "lessThan": "ea9aadc06a9f", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/dma/idxd/device.c", "drivers/dma/idxd/idxd.h", "drivers/dma/idxd/sysfs.c"], "versions": [{"version": "5.8", "status": "affected"}, {"version": "0", "lessThan": "5.8", "status": "unaffected", "versionType": "custom"}, {"version": "5.10.32", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.11.16", "lessThanOrEqual": "5.11.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.12", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/e5eb9757fe4c2392e069246ae78badc573af1833"}, {"url": "https://git.kernel.org/stable/c/f7dc8f5619165e1fa3383d0c2519f502d9e2a1a9"}, {"url": "https://git.kernel.org/stable/c/ea9aadc06a9f10ad20a90edc0a484f1147d88a7a"}], "title": "dmaengine: idxd: fix wq cleanup of WQCFG registers", "x_generator": {"engine": "bippy-a5840b7849dd"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-46917", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-27T15:59:12.900977Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T17:22:00.658Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:17:43.010Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/e5eb9757fe4c2392e069246ae78badc573af1833", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f7dc8f5619165e1fa3383d0c2519f502d9e2a1a9", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ea9aadc06a9f10ad20a90edc0a484f1147d88a7a", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-46917", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-27T15:59:12.900977Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T15:20:40.886Z"}}], "cna": {"title": "dmaengine: idxd: fix wq cleanup of WQCFG registers", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "da32b28c95a7", "lessThan": "e5eb9757fe4c", "versionType": "git"}, {"status": "affected", "version": "da32b28c95a7", "lessThan": "f7dc8f561916", "versionType": "git"}, {"status": "affected", "version": "da32b28c95a7", "lessThan": "ea9aadc06a9f", "versionType": "git"}], "programFiles": ["drivers/dma/idxd/device.c", "drivers/dma/idxd/idxd.h", "drivers/dma/idxd/sysfs.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.8"}, {"status": "unaffected", "version": "0", "lessThan": "5.8", "versionType": "custom"}, {"status": "unaffected", "version": "5.10.32", "versionType": "custom", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.11.16", "versionType": "custom", "lessThanOrEqual": "5.11.*"}, {"status": "unaffected", "version": "5.12", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/dma/idxd/device.c", "drivers/dma/idxd/idxd.h", "drivers/dma/idxd/sysfs.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/e5eb9757fe4c2392e069246ae78badc573af1833"}, {"url": "https://git.kernel.org/stable/c/f7dc8f5619165e1fa3383d0c2519f502d9e2a1a9"}, {"url": "https://git.kernel.org/stable/c/ea9aadc06a9f10ad20a90edc0a484f1147d88a7a"}], "x_generator": {"engine": "bippy-a5840b7849dd"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: fix wq cleanup of WQCFG registers\n\nA pre-release silicon erratum workaround where wq reset does not clear\nWQCFG registers was leaked into upstream code. Use wq reset command\ninstead of blasting the MMIO region. This also address an issue where\nwe clobber registers in future devices."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T04:58:49.060Z"}}}, "cveMetadata": {"cveId": "CVE-2021-46917", "state": "PUBLISHED", "dateUpdated": "2024-07-05T17:22:00.658Z", "dateReserved": "2024-02-25T13:45:52.719Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-02-27T06:53:55.427Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE87B38C-0350-471A-8830-58E1E02F7E2E", "versionEndExcluding": "5.10.32", "versionStartIncluding": "5.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3C5242B9-B5BD-4578-AD66-69DF59D54A14", "versionEndExcluding": "5.11.16", "versionStartIncluding": "5.11.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: fix wq cleanup of WQCFG registers\n\nA pre-release silicon erratum workaround where wq reset does not clear\nWQCFG registers was leaked into upstream code. Use wq reset command\ninstead of blasting the MMIO region. This also address an issue where\nwe clobber registers in future devices."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: dmaengine: idxd: corrige la limpieza de wq de los registros WQCFG. Se filtr\u00f3 en el c\u00f3digo ascendente un workaround de errata de silicio de prelanzamiento en la que el restablecimiento de wq no borra los registros WQCFG. Utilice el comando wq reset en lugar de destruir la regi\u00f3n MMIO. Esto tambi\u00e9n soluciona un problema por el cual golpeamos los registros en dispositivos futuros."}], "id": "CVE-2021-46917", "lastModified": "2024-04-10T14:43:21.067", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-27T07:15:08.383", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e5eb9757fe4c2392e069246ae78badc573af1833"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ea9aadc06a9f10ad20a90edc0a484f1147d88a7a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f7dc8f5619165e1fa3383d0c2519f502d9e2a1a9"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-668"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: wq reset does not clear WQCFG registers", "id": "2266376", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266376"}, "csaw": false, "cvss3": {"cvss3_base_score": "2.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "status": "draft"}, "cwe": "CWE-402", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ndmaengine: idxd: fix wq cleanup of WQCFG registers\nA pre-release silicon erratum workaround where wq reset does not clear\nWQCFG registers was leaked into upstream code. Use wq reset command\ninstead of blasting the MMIO region. This also address an issue where\nwe clobber registers in future devices."], "name": "CVE-2021-46917", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Under investigation", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Under investigation", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Under investigation", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-02-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-46917\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-46917\nhttps://git.kernel.org/stable/c/e5eb9757fe4c2392e069246ae78badc573af1833\nhttps://git.kernel.org/stable/c/ea9aadc06a9f10ad20a90edc0a484f1147d88a7a\nhttps://git.kernel.org/stable/c/f7dc8f5619165e1fa3383d0c2519f502d9e2a1a9"], "threat_severity": "Low"}