CVE-2021-46940 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: tools/power turbostat: Fix offset overflow issue in index converting The idx_to_offset() function returns type int (32-bit signed), but MSR_PKG_ENERGY_STAT is u32 and would be interpreted as a negative number. The end result is that it hits the if (offset < 0) check in update_msr_sum() which prevents the timer callback from updating the stat in the background when long durations are used. The similar issue exists in offset_to_idx() and update_msr_sum(). Fix this issue by converting the 'int' to 'off_t' accordingly.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

References

Link	Providers
https://git.kernel.org/stable/c/13a779de4175df602366d129e41782ad7168cef0
https://git.kernel.org/stable/c/337b1546cde87fb8588ddaedf0201b769baa572a
https://git.kernel.org/stable/c/dbdf22fc825fdb1d97f23230064e0f9819471628
https://git.kernel.org/stable/c/ea6803ff2cd1a2d7d880256bf562172b708a76ff
https://lore.kernel.org/linux-cve-announce/20240227184057.2368370-5-gregkh@linuxfoundation.org/T/#u
https://nvd.nist.gov/vuln/detail/CVE-2021-46940
https://www.cve.org/CVERecord?id=CVE-2021-46940

History

No history.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-02-27T18:40:28.063Z

Updated: 2024-08-04T05:17:42.991Z

Reserved: 2024-02-25T13:45:52.721Z

Link: CVE-2021-46940

Vulnrichment

Updated: 2024-08-04T05:17:42.991Z

NVD

Status : Analyzed

Published: 2024-02-27T19:04:05.927

Modified: 2024-04-10T19:44:37.227

Link: CVE-2021-46940

Redhat

Severity :

Publid Date: 2024-02-27T00:00:00Z

Links: CVE-2021-46940 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-46940", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-25T13:45:52.721Z", "datePublished": "2024-02-27T18:40:28.063Z", "dateUpdated": "2024-08-04T05:17:42.991Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T04:59:13.780Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntools/power turbostat: Fix offset overflow issue in index converting\n\nThe idx_to_offset() function returns type int (32-bit signed), but\nMSR_PKG_ENERGY_STAT is u32 and would be interpreted as a negative number.\nThe end result is that it hits the if (offset < 0) check in update_msr_sum()\nwhich prevents the timer callback from updating the stat in the background when\nlong durations are used. The similar issue exists in offset_to_idx() and\nupdate_msr_sum(). Fix this issue by converting the 'int' to 'off_t' accordingly."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["tools/power/x86/turbostat/turbostat.c"], "versions": [{"version": "9972d5d84d76", "lessThan": "ea6803ff2cd1", "status": "affected", "versionType": "git"}, {"version": "9972d5d84d76", "lessThan": "dbdf22fc825f", "status": "affected", "versionType": "git"}, {"version": "9972d5d84d76", "lessThan": "337b1546cde8", "status": "affected", "versionType": "git"}, {"version": "9972d5d84d76", "lessThan": "13a779de4175", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["tools/power/x86/turbostat/turbostat.c"], "versions": [{"version": "5.10", "status": "affected"}, {"version": "0", "lessThan": "5.10", "status": "unaffected", "versionType": "custom"}, {"version": "5.10.36", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.11.20", "lessThanOrEqual": "5.11.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.12.3", "lessThanOrEqual": "5.12.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.13", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/ea6803ff2cd1a2d7d880256bf562172b708a76ff"}, {"url": "https://git.kernel.org/stable/c/dbdf22fc825fdb1d97f23230064e0f9819471628"}, {"url": "https://git.kernel.org/stable/c/337b1546cde87fb8588ddaedf0201b769baa572a"}, {"url": "https://git.kernel.org/stable/c/13a779de4175df602366d129e41782ad7168cef0"}], "title": "tools/power turbostat: Fix offset overflow issue in index converting", "x_generator": {"engine": "bippy-a5840b7849dd"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-46940", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-05T20:11:09.167869Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T17:21:06.431Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:17:42.991Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/ea6803ff2cd1a2d7d880256bf562172b708a76ff", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/dbdf22fc825fdb1d97f23230064e0f9819471628", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/337b1546cde87fb8588ddaedf0201b769baa572a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/13a779de4175df602366d129e41782ad7168cef0", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/ea6803ff2cd1a2d7d880256bf562172b708a76ff", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/dbdf22fc825fdb1d97f23230064e0f9819471628", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/337b1546cde87fb8588ddaedf0201b769baa572a", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/13a779de4175df602366d129e41782ad7168cef0", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:17:42.991Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-46940", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-05T20:11:09.167869Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T15:20:37.872Z"}}], "cna": {"title": "tools/power turbostat: Fix offset overflow issue in index converting", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "9972d5d84d76", "lessThan": "ea6803ff2cd1", "versionType": "git"}, {"status": "affected", "version": "9972d5d84d76", "lessThan": "dbdf22fc825f", "versionType": "git"}, {"status": "affected", "version": "9972d5d84d76", "lessThan": "337b1546cde8", "versionType": "git"}, {"status": "affected", "version": "9972d5d84d76", "lessThan": "13a779de4175", "versionType": "git"}], "programFiles": ["tools/power/x86/turbostat/turbostat.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.10"}, {"status": "unaffected", "version": "0", "lessThan": "5.10", "versionType": "custom"}, {"status": "unaffected", "version": "5.10.36", "versionType": "custom", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.11.20", "versionType": "custom", "lessThanOrEqual": "5.11.*"}, {"status": "unaffected", "version": "5.12.3", "versionType": "custom", "lessThanOrEqual": "5.12.*"}, {"status": "unaffected", "version": "5.13", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["tools/power/x86/turbostat/turbostat.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/ea6803ff2cd1a2d7d880256bf562172b708a76ff"}, {"url": "https://git.kernel.org/stable/c/dbdf22fc825fdb1d97f23230064e0f9819471628"}, {"url": "https://git.kernel.org/stable/c/337b1546cde87fb8588ddaedf0201b769baa572a"}, {"url": "https://git.kernel.org/stable/c/13a779de4175df602366d129e41782ad7168cef0"}], "x_generator": {"engine": "bippy-a5840b7849dd"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntools/power turbostat: Fix offset overflow issue in index converting\n\nThe idx_to_offset() function returns type int (32-bit signed), but\nMSR_PKG_ENERGY_STAT is u32 and would be interpreted as a negative number.\nThe end result is that it hits the if (offset < 0) check in update_msr_sum()\nwhich prevents the timer callback from updating the stat in the background when\nlong durations are used. The similar issue exists in offset_to_idx() and\nupdate_msr_sum(). Fix this issue by converting the 'int' to 'off_t' accordingly."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T04:59:13.780Z"}}}, "cveMetadata": {"cveId": "CVE-2021-46940", "state": "PUBLISHED", "dateUpdated": "2024-08-04T05:17:42.991Z", "dateReserved": "2024-02-25T13:45:52.721Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-02-27T18:40:28.063Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E778606-3A80-42DD-996C-5570B1192986", "versionEndExcluding": "5.10.36", "versionStartIncluding": "5.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EFB425F0-C28C-4B44-8B4C-AD512AA832DE", "versionEndExcluding": "5.11.20", "versionStartIncluding": "5.11.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C3814FA3-8141-4313-A852-8C4212BE12AD", "versionEndExcluding": "5.12.3", "versionStartIncluding": "5.12.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntools/power turbostat: Fix offset overflow issue in index converting\n\nThe idx_to_offset() function returns type int (32-bit signed), but\nMSR_PKG_ENERGY_STAT is u32 and would be interpreted as a negative number.\nThe end result is that it hits the if (offset < 0) check in update_msr_sum()\nwhich prevents the timer callback from updating the stat in the background when\nlong durations are used. The similar issue exists in offset_to_idx() and\nupdate_msr_sum(). Fix this issue by converting the 'int' to 'off_t' accordingly."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: herramientas/turbostat de potencia: soluciona el problema de desbordamiento de compensaci\u00f3n en la conversi\u00f3n de \u00edndice. La funci\u00f3n idx_to_offset() devuelve el tipo int (32 bits firmado), pero MSR_PKG_ENERGY_STAT es u32 y se interpretar\u00eda como negativo. n\u00famero. El resultado final es que alcanza la verificaci\u00f3n if (offset < 0) en update_msr_sum(), lo que evita que la devoluci\u00f3n de llamada del temporizador actualice la estad\u00edstica en segundo plano cuando se utilizan duraciones prolongadas. Existe un problema similar en offset_to_idx() y update_msr_sum(). Solucione este problema convirtiendo 'int' a 'off_t' en consecuencia."}], "id": "CVE-2021-46940", "lastModified": "2024-04-10T19:44:37.227", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-27T19:04:05.927", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/13a779de4175df602366d129e41782ad7168cef0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/337b1546cde87fb8588ddaedf0201b769baa572a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/dbdf22fc825fdb1d97f23230064e0f9819471628"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ea6803ff2cd1a2d7d880256bf562172b708a76ff"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: tools/power turbostat: Fix offset overflow issue in index converting", "id": "2266494", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266494"}, "csaw": false, "cvss3": {"cvss3_base_score": "0.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N", "status": "draft"}, "cwe": "CWE-190", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ntools/power turbostat: Fix offset overflow issue in index converting\nThe idx_to_offset() function returns type int (32-bit signed), but\nMSR_PKG_ENERGY_STAT is u32 and would be interpreted as a negative number.\nThe end result is that it hits the if (offset < 0) check in update_msr_sum()\nwhich prevents the timer callback from updating the stat in the background when\nlong durations are used. The similar issue exists in offset_to_idx() and\nupdate_msr_sum(). Fix this issue by converting the 'int' to 'off_t' accordingly."], "name": "CVE-2021-46940", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-02-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-46940\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-46940\nhttps://lore.kernel.org/linux-cve-announce/20240227184057.2368370-5-gregkh@linuxfoundation.org/T/#u"], "statement": "Red Hat Product Security does not consider this to be a vulnerability."}