CVE-2021-46940

tools/power turbostat: Fix offset overflow issue in index converting

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

tools/power turbostat: Fix offset overflow issue in index converting

The idx_to_offset() function returns type int (32-bit signed), but
MSR_PKG_ENERGY_STAT is u32 and would be interpreted as a negative number.
The end result is that it hits the if (offset < 0) check in update_msr_sum()
which prevents the timer callback from updating the stat in the background when
long durations are used. The similar issue exists in offset_to_idx() and
update_msr_sum(). Fix this issue by converting the 'int' to 'off_t' accordingly.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: herramientas/turbostat de potencia: soluciona el problema de desbordamiento de compensación en la conversión de índice. La función idx_to_offset() devuelve el tipo int (32 bits firmado), pero MSR_PKG_ENERGY_STAT es u32 y se interpretaría como negativo. número. El resultado final es que alcanza la verificación if (offset < 0) en update_msr_sum(), lo que evita que la devolución de llamada del temporizador actualice la estadística en segundo plano cuando se utilizan duraciones prolongadas. Existe un problema similar en offset_to_idx() y update_msr_sum(). Solucione este problema convirtiendo 'int' a 'off_t' en consecuencia.

*Credits: N/A

CVSS Scores

NISTv3.1 5.5

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-25 CVE Reserved
2024-02-27 CVE Published
2024-04-21 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-190: Integer Overflow or Wraparound

CAPEC

References (5)

URL	Tag	Source
https://git.kernel.org/stable/c/9972d5d84d76982606806b2ce887f70c2f8ba60a	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/ea6803ff2cd1a2d7d880256bf562172b708a76ff	2021-05-11
https://git.kernel.org/stable/c/dbdf22fc825fdb1d97f23230064e0f9819471628	2021-05-12
https://git.kernel.org/stable/c/337b1546cde87fb8588ddaedf0201b769baa572a	2021-05-12
https://git.kernel.org/stable/c/13a779de4175df602366d129e41782ad7168cef0	2021-05-04

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10 < 5.10.36 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10 < 5.10.36"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10 < 5.11.20 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10 < 5.11.20"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10 < 5.12.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10 < 5.12.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10 < 5.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10 < 5.13"		en		Affected