CVE-2021-46993
sched: Fix out-of-bound access in uclamp
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved: sched: Fix out-of-bound access in uclamp Util-clamp places tasks in different buckets based on their clamp values
for performance reasons. However, the size of buckets is currently
computed using a rounding division, which can lead to an off-by-one
error in some configurations. For instance, with 20 buckets, the bucket size will be 1024/20=51. A
task with a clamp of 1024 will be mapped to bucket id 1024/51=20. Sadly,
correct indexes are in range [0,19], hence leading to an out of bound
memory access. Clamp the bucket id to fix the issue.
En el kernel de Linux, se resolvió la siguiente vulnerabilidad: sched: corrige el acceso fuera de los límites en uclamp Util-clamp coloca las tareas en diferentes depósitos según sus valores de fijación por razones de rendimiento. Sin embargo, el tamaño de los depósitos se calcula actualmente mediante una división de redondeo, lo que puede provocar un error de uno por uno en algunas configuraciones. Por ejemplo, con 20 depósitos, el tamaño del depósito será 1024/20=51. Una tarea con una abrazadera de 1024 se asignará al ID del depósito 1024/51=20. Lamentablemente, los índices correctos están en el rango [0,19], lo que provoca un acceso a la memoria fuera de los límites. Sujete la identificación del depósito para solucionar el problema.
In the Linux kernel, the following vulnerability has been resolved: sched: Fix out-of-bound access in uclamp Util-clamp places tasks in different buckets based on their clamp values for performance reasons. However, the size of buckets is currently computed using a rounding division, which can lead to an off-by-one error in some configurations. For instance, with 20 buckets, the bucket size will be 1024/20=51. A task with a clamp of 1024 will be mapped to bucket id 1024/51=20. Sadly, correct indexes are in range [0,19], hence leading to an out of bound memory access. Clamp the bucket id to fix the issue.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-02-27 CVE Reserved
- 2024-02-28 CVE Published
- 2024-12-19 CVE Updated
- 2024-12-25 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/69842cba9ace84849bb9b8edcdf2cefccd97901c | Vuln. Introduced |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.3 < 5.4.120 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.3 < 5.4.120" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.3 < 5.10.38 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.3 < 5.10.38" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.3 < 5.11.22 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.3 < 5.11.22" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.3 < 5.12.5 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.3 < 5.12.5" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.3 < 5.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.3 < 5.13" | en |
Affected
| ||||||