CVE-2021-46928 (Medium) detected in linuxv4.19

[mend-bolt-for-github[bot]]

CVE-2021-46928 - Medium Severity Vulnerability

Vulnerable Library - linuxv4.19

Linux kernel source tree

Library home page: https://github.com/torvalds/linux.git

Found in HEAD commit: d80c4f847c91020292cb280132b15e2ea147f1a3

Found in base branch: master

Vulnerable Source Files (2)

/arch/parisc/kernel/traps.c /arch/parisc/kernel/traps.c

Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: parisc: Clear stale IIR value on instruction access rights trap When a trap 7 (Instruction access rights) occurs, this means the CPU couldn't execute an instruction due to missing execute permissions on the memory region. In this case it seems the CPU didn't even fetched the instruction from memory and thus did not store it in the cr19 (IIR) register before calling the trap handler. So, the trap handler will find some random old stale value in cr19. This patch simply overwrites the stale IIR value with a constant magic "bad food" value (0xbaadf00d), in the hope people don't start to try to understand the various random IIR values in trap 7 dumps.

Publish Date: 2024-02-27

URL: CVE-2021-46928

CVSS 3 Score Details (5.5)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.linuxkernelcves.com/cves/CVE-2021-46928

Release Date: 2024-02-27

Fix Resolution: v5.10.90,v5.15.13

---

Step up your Open Source Security Game with Mend here