CVE-2021-46969 : In the Linux kernel, the following vulnerability has been resolved: bus: mhi: c

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: core: Fix invalid error returning in mhi_queue mhi_queue returns an error when the doorbell is not accessible in the current state. This can happen when the device is in non M0 state, like M3, and needs to be waken-up prior ringing the DB. This case is managed earlier by triggering an asynchronous M3 exit via controller resume/suspend callbacks, that in turn will cause M0 transition and DB update. So, since it's not an error but just delaying of doorbell update, there is no reason to return an error. This also fixes a use after free error for skb case, indeed a caller queuing skb will try to free the skb if the queueing fails, but in that case queueing has been done.

Published 2024-02-27 19:04:07

Updated 2025-01-08 17:19:51

Source Linux

View at NVD, CVE.org

Vulnerability category: Memory Corruption

Products affected by CVE-2021-46969

Linux » Linux Kernel
Versions from including (>=) 5.12 and before (<) 5.12.3
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2021-46969

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 7 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-46969

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST	2025-01-08
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2021-46969

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2021-46969

https://git.kernel.org/stable/c/a99b661c3187365f81026d89b1133a76cd2652b3

bus: mhi: core: Fix invalid error returning in mhi_queue - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/0ecc1c70dcd32c0f081b173a1a5d89952686f271

bus: mhi: core: Fix invalid error returning in mhi_queue - kernel/git/stable/linux.git - Linux kernel stable tree
Patch

Jump to

Vulnerability Details : CVE-2021-46969

Products affected by CVE-2021-46969

Exploit prediction scoring system (EPSS) score for CVE-2021-46969

CVSS scores for CVE-2021-46969

CWE ids for CVE-2021-46969

References for CVE-2021-46969