{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-46968", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-27T18:42:55.943Z", "datePublished": "2024-02-27T18:47:04.856Z", "dateUpdated": "2025-05-04T07:01:22.480Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T07:01:22.480Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/zcrypt: fix zcard and zqueue hot-unplug memleak\n\nTests with kvm and a kmemdebug kernel showed, that on hot unplug the\nzcard and zqueue structs for the unplugged card or queue are not\nproperly freed because of a mismatch with get/put for the embedded\nkref counter.\n\nThis fix now adjusts the handling of the kref counters. With init the\nkref counter starts with 1. This initial value needs to drop to zero\nwith the unregister of the card or queue to trigger the release and\nfree the object."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/s390/crypto/zcrypt_card.c", "drivers/s390/crypto/zcrypt_queue.c"], "versions": [{"version": "29c2680fd2bf3862ff5cf2957f198512493156f9", "lessThan": "026499a9c2e002e621ad568d1378324ae97e5524", "status": "affected", "versionType": "git"}, {"version": "29c2680fd2bf3862ff5cf2957f198512493156f9", "lessThan": "055a063a18bcd19b93709e3eac8078d6b2f04599", "status": "affected", "versionType": "git"}, {"version": "29c2680fd2bf3862ff5cf2957f198512493156f9", "lessThan": "971dc8706cee47393d393905d294ea47e39503d3", "status": "affected", "versionType": "git"}, {"version": "29c2680fd2bf3862ff5cf2957f198512493156f9", "lessThan": "70fac8088cfad9f3b379c9082832b4d7532c16c2", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/s390/crypto/zcrypt_card.c", "drivers/s390/crypto/zcrypt_queue.c"], "versions": [{"version": "5.10", "status": "affected"}, {"version": "0", "lessThan": "5.10", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.36", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.11.20", "lessThanOrEqual": "5.11.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.12.3", "lessThanOrEqual": "5.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.13", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10", "versionEndExcluding": "5.10.36"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10", "versionEndExcluding": "5.11.20"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10", "versionEndExcluding": "5.12.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10", "versionEndExcluding": "5.13"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/026499a9c2e002e621ad568d1378324ae97e5524"}, {"url": "https://git.kernel.org/stable/c/055a063a18bcd19b93709e3eac8078d6b2f04599"}, {"url": "https://git.kernel.org/stable/c/971dc8706cee47393d393905d294ea47e39503d3"}, {"url": "https://git.kernel.org/stable/c/70fac8088cfad9f3b379c9082832b4d7532c16c2"}], "title": "s390/zcrypt: fix zcard and zqueue hot-unplug memleak", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:17:42.992Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/026499a9c2e002e621ad568d1378324ae97e5524", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/055a063a18bcd19b93709e3eac8078d6b2f04599", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/971dc8706cee47393d393905d294ea47e39503d3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/70fac8088cfad9f3b379c9082832b4d7532c16c2", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-46968", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:01:31.707354Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:33:46.536Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/026499a9c2e002e621ad568d1378324ae97e5524", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/055a063a18bcd19b93709e3eac8078d6b2f04599", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/971dc8706cee47393d393905d294ea47e39503d3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/70fac8088cfad9f3b379c9082832b4d7532c16c2", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:17:42.992Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-46968", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:01:31.707354Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:18.598Z"}}], "cna": {"title": "s390/zcrypt: fix zcard and zqueue hot-unplug memleak", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "29c2680fd2bf3862ff5cf2957f198512493156f9", "lessThan": "026499a9c2e002e621ad568d1378324ae97e5524", "versionType": "git"}, {"status": "affected", "version": "29c2680fd2bf3862ff5cf2957f198512493156f9", "lessThan": "055a063a18bcd19b93709e3eac8078d6b2f04599", "versionType": "git"}, {"status": "affected", "version": "29c2680fd2bf3862ff5cf2957f198512493156f9", "lessThan": "971dc8706cee47393d393905d294ea47e39503d3", "versionType": "git"}, {"status": "affected", "version": "29c2680fd2bf3862ff5cf2957f198512493156f9", "lessThan": "70fac8088cfad9f3b379c9082832b4d7532c16c2", "versionType": "git"}], "programFiles": ["drivers/s390/crypto/zcrypt_card.c", "drivers/s390/crypto/zcrypt_queue.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.10"}, {"status": "unaffected", "version": "0", "lessThan": "5.10", "versionType": "semver"}, {"status": "unaffected", "version": "5.10.36", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.11.20", "versionType": "semver", "lessThanOrEqual": "5.11.*"}, {"status": "unaffected", "version": "5.12.3", "versionType": "semver", "lessThanOrEqual": "5.12.*"}, {"status": "unaffected", "version": "5.13", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/s390/crypto/zcrypt_card.c", "drivers/s390/crypto/zcrypt_queue.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/026499a9c2e002e621ad568d1378324ae97e5524"}, {"url": "https://git.kernel.org/stable/c/055a063a18bcd19b93709e3eac8078d6b2f04599"}, {"url": "https://git.kernel.org/stable/c/971dc8706cee47393d393905d294ea47e39503d3"}, {"url": "https://git.kernel.org/stable/c/70fac8088cfad9f3b379c9082832b4d7532c16c2"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/zcrypt: fix zcard and zqueue hot-unplug memleak\n\nTests with kvm and a kmemdebug kernel showed, that on hot unplug the\nzcard and zqueue structs for the unplugged card or queue are not\nproperly freed because of a mismatch with get/put for the embedded\nkref counter.\n\nThis fix now adjusts the handling of the kref counters. With init the\nkref counter starts with 1. This initial value needs to drop to zero\nwith the unregister of the card or queue to trigger the release and\nfree the object."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.10.36", "versionStartIncluding": "5.10"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.11.20", "versionStartIncluding": "5.10"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.12.3", "versionStartIncluding": "5.10"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.13", "versionStartIncluding": "5.10"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T07:01:22.480Z"}}}, "cveMetadata": {"cveId": "CVE-2021-46968", "state": "PUBLISHED", "dateUpdated": "2025-05-04T07:01:22.480Z", "dateReserved": "2024-02-27T18:42:55.943Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-02-27T18:47:04.856Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A3C0C655-F217-444C-9131-45D82FAF3CFF", "versionEndExcluding": "5.10.36", "versionStartIncluding": "5.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EEC03413-9760-46D4-AC1D-EB084A1D4111", "versionEndExcluding": "5.11.20", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F9D6B2DE-7E4A-4B3B-9AEE-3A2C5F23DA32", "versionEndExcluding": "5.12.3", "versionStartIncluding": "5.12", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/zcrypt: fix zcard and zqueue hot-unplug memleak\n\nTests with kvm and a kmemdebug kernel showed, that on hot unplug the\nzcard and zqueue structs for the unplugged card or queue are not\nproperly freed because of a mismatch with get/put for the embedded\nkref counter.\n\nThis fix now adjusts the handling of the kref counters. With init the\nkref counter starts with 1. This initial value needs to drop to zero\nwith the unregister of the card or queue to trigger the release and\nfree the object."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: s390/zcrypt: corrige zcard y zqueue hot-unplug memleak Las pruebas con kvm y un kernel kmemdebug mostraron que, al desconectar en caliente, las estructuras zcard y zqueue para la tarjeta o cola desconectada no est\u00e1n liberado correctamente debido a una discrepancia con get/put para el contador kref integrado. Esta soluci\u00f3n ahora ajusta el manejo de los contadores kref. Con init, el contador kref comienza con 1. Este valor inicial debe caer a cero con la cancelaci\u00f3n del registro de la tarjeta o cola para activar la liberaci\u00f3n y liberar el objeto."}], "id": "CVE-2021-46968", "lastModified": "2025-01-08T16:50:33.063", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-27T19:04:07.217", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/026499a9c2e002e621ad568d1378324ae97e5524"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/055a063a18bcd19b93709e3eac8078d6b2f04599"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/70fac8088cfad9f3b379c9082832b4d7532c16c2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/971dc8706cee47393d393905d294ea47e39503d3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/026499a9c2e002e621ad568d1378324ae97e5524"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/055a063a18bcd19b93709e3eac8078d6b2f04599"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/70fac8088cfad9f3b379c9082832b4d7532c16c2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/971dc8706cee47393d393905d294ea47e39503d3"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: s390/zcrypt: fix zcard and zqueue hot-unplug memleak", "id": "2266802", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266802"}, "csaw": false, "cvss3": {"cvss3_base_score": "2.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-402", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ns390/zcrypt: fix zcard and zqueue hot-unplug memleak\nTests with kvm and a kmemdebug kernel showed, that on hot unplug the\nzcard and zqueue structs for the unplugged card or queue are not\nproperly freed because of a mismatch with get/put for the embedded\nkref counter.\nThis fix now adjusts the handling of the kref counters. With init the\nkref counter starts with 1. This initial value needs to drop to zero\nwith the unregister of the card or queue to trigger the release and\nfree the object."], "name": "CVE-2021-46968", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-02-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-46968\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-46968\nhttps://lore.kernel.org/linux-cve-announce/2024022720-CVE-2021-46968-8c71@gregkh/T/#u"], "statement": "No Red Hat Products are affected by this vulnerability.", "threat_severity": "Low"}

{}