{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-46994", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-27T18:42:55.949Z", "datePublished": "2024-02-28T08:13:19.115Z", "dateUpdated": "2024-09-11T17:33:38.479Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:00:11.340Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: mcp251x: fix resume from sleep before interface was brought up\n\nSince 8ce8c0abcba3 the driver queues work via priv->restart_work when\nresuming after suspend, even when the interface was not previously\nenabled. This causes a null dereference error as the workqueue is only\nallocated and initialized in mcp251x_open().\n\nTo fix this we move the workqueue init to mcp251x_can_probe() as there\nis no reason to do it later and repeat it whenever mcp251x_open() is\ncalled.\n\n[mkl: fix error handling in mcp251x_stop()]"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/can/spi/mcp251x.c"], "versions": [{"version": "8ce8c0abcba3", "lessThan": "eecb4df8ec9f", "status": "affected", "versionType": "git"}, {"version": "8ce8c0abcba3", "lessThan": "6f8f1c27b577", "status": "affected", "versionType": "git"}, {"version": "8ce8c0abcba3", "lessThan": "e1e10a390fd9", "status": "affected", "versionType": "git"}, {"version": "8ce8c0abcba3", "lessThan": "03c427147b2d", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/can/spi/mcp251x.c"], "versions": [{"version": "5.5", "status": "affected"}, {"version": "0", "lessThan": "5.5", "status": "unaffected", "versionType": "custom"}, {"version": "5.10.38", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.11.22", "lessThanOrEqual": "5.11.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.12.5", "lessThanOrEqual": "5.12.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.13", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/eecb4df8ec9f896b19ee05bfa632ac6c1dcd8f21"}, {"url": "https://git.kernel.org/stable/c/6f8f1c27b577de15f69fefce3c502bb6300d825c"}, {"url": "https://git.kernel.org/stable/c/e1e10a390fd9479209c4d834d916ca5e6d5d396b"}, {"url": "https://git.kernel.org/stable/c/03c427147b2d3e503af258711af4fc792b89b0af"}], "title": "can: mcp251x: fix resume from sleep before interface was brought up", "x_generator": {"engine": "bippy-a5840b7849dd"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:24:38.558Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/eecb4df8ec9f896b19ee05bfa632ac6c1dcd8f21", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6f8f1c27b577de15f69fefce3c502bb6300d825c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e1e10a390fd9479209c4d834d916ca5e6d5d396b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/03c427147b2d3e503af258711af4fc792b89b0af", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-46994", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:00:58.367712Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:33:38.479Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/eecb4df8ec9f896b19ee05bfa632ac6c1dcd8f21", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6f8f1c27b577de15f69fefce3c502bb6300d825c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e1e10a390fd9479209c4d834d916ca5e6d5d396b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/03c427147b2d3e503af258711af4fc792b89b0af", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:24:38.558Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-46994", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:00:58.367712Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:17.814Z"}}], "cna": {"title": "can: mcp251x: fix resume from sleep before interface was brought up", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "8ce8c0abcba3", "lessThan": "eecb4df8ec9f", "versionType": "git"}, {"status": "affected", "version": "8ce8c0abcba3", "lessThan": "6f8f1c27b577", "versionType": "git"}, {"status": "affected", "version": "8ce8c0abcba3", "lessThan": "e1e10a390fd9", "versionType": "git"}, {"status": "affected", "version": "8ce8c0abcba3", "lessThan": "03c427147b2d", "versionType": "git"}], "programFiles": ["drivers/net/can/spi/mcp251x.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.5"}, {"status": "unaffected", "version": "0", "lessThan": "5.5", "versionType": "custom"}, {"status": "unaffected", "version": "5.10.38", "versionType": "custom", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.11.22", "versionType": "custom", "lessThanOrEqual": "5.11.*"}, {"status": "unaffected", "version": "5.12.5", "versionType": "custom", "lessThanOrEqual": "5.12.*"}, {"status": "unaffected", "version": "5.13", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/net/can/spi/mcp251x.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/eecb4df8ec9f896b19ee05bfa632ac6c1dcd8f21"}, {"url": "https://git.kernel.org/stable/c/6f8f1c27b577de15f69fefce3c502bb6300d825c"}, {"url": "https://git.kernel.org/stable/c/e1e10a390fd9479209c4d834d916ca5e6d5d396b"}, {"url": "https://git.kernel.org/stable/c/03c427147b2d3e503af258711af4fc792b89b0af"}], "x_generator": {"engine": "bippy-a5840b7849dd"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: mcp251x: fix resume from sleep before interface was brought up\n\nSince 8ce8c0abcba3 the driver queues work via priv->restart_work when\nresuming after suspend, even when the interface was not previously\nenabled. This causes a null dereference error as the workqueue is only\nallocated and initialized in mcp251x_open().\n\nTo fix this we move the workqueue init to mcp251x_can_probe() as there\nis no reason to do it later and repeat it whenever mcp251x_open() is\ncalled.\n\n[mkl: fix error handling in mcp251x_stop()]"}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:00:11.340Z"}}}, "cveMetadata": {"cveId": "CVE-2021-46994", "state": "PUBLISHED", "dateUpdated": "2024-09-11T17:33:38.479Z", "dateReserved": "2024-02-27T18:42:55.949Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-02-28T08:13:19.115Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: mcp251x: fix resume from sleep before interface was brought up\n\nSince 8ce8c0abcba3 the driver queues work via priv->restart_work when\nresuming after suspend, even when the interface was not previously\nenabled. This causes a null dereference error as the workqueue is only\nallocated and initialized in mcp251x_open().\n\nTo fix this we move the workqueue init to mcp251x_can_probe() as there\nis no reason to do it later and repeat it whenever mcp251x_open() is\ncalled.\n\n[mkl: fix error handling in mcp251x_stop()]"}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: can: mcp251x: corregir la reanudaci\u00f3n desde la suspensi\u00f3n antes de que se activara la interfaz. Desde 8ce8c0abcba3, las colas de controladores funcionan a trav\u00e9s de priv->restart_work cuando se reanudan despu\u00e9s de la suspensi\u00f3n, incluso cuando la interfaz no estaba habilitada previamente. Esto provoca un error de desreferencia nula ya que la cola de trabajo solo se asigna e inicializa en mcp251x_open(). Para solucionar este problema, movemos el inicio de la cola de trabajo a mcp251x_can_probe() ya que no hay raz\u00f3n para hacerlo m\u00e1s tarde y repetirlo cada vez que se llama a mcp251x_open(). [mkl: corregir el manejo de errores en mcp251x_stop()]"}], "id": "CVE-2021-46994", "lastModified": "2024-02-28T14:06:45.783", "metrics": {}, "published": "2024-02-28T09:15:37.923", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/03c427147b2d3e503af258711af4fc792b89b0af"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6f8f1c27b577de15f69fefce3c502bb6300d825c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/e1e10a390fd9479209c4d834d916ca5e6d5d396b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/eecb4df8ec9f896b19ee05bfa632ac6c1dcd8f21"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: can: mcp251x: fix resume from sleep before interface was brought up", "id": "2266885", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266885"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ncan: mcp251x: fix resume from sleep before interface was brought up\nSince 8ce8c0abcba3 the driver queues work via priv->restart_work when\nresuming after suspend, even when the interface was not previously\nenabled. This causes a null dereference error as the workqueue is only\nallocated and initialized in mcp251x_open().\nTo fix this we move the workqueue init to mcp251x_can_probe() as there\nis no reason to do it later and repeat it whenever mcp251x_open() is\ncalled.\n[mkl: fix error handling in mcp251x_stop()]"], "name": "CVE-2021-46994", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-02-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-46994\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-46994\nhttps://lore.kernel.org/linux-cve-announce/2024022826-CVE-2021-46994-4722@gregkh/T/#u"], "threat_severity": "Low", "upstream_fix": "kernel 5.10.38, kernel 5.11.22, kernel 5.12.5, kernel 5.13"}