#VU92396 Improper check for unusual or exceptional conditions in Linux kernel - CVE-2021-46909
Vulnerability identifier: #VU92396
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-46909
CWE-ID:
CWE-754
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper check for unusual or exceptional conditions error within the personal_server_map_irq() function in arch/arm/mach-footbridge/personal-pci.c, within the netwinder_map_irq() function in arch/arm/mach-footbridge/netwinder-pci.c, within the ebsa285_map_irq() function in arch/arm/mach-footbridge/ebsa285-pci.c, within the cats_no_swizzle() function in arch/arm/mach-footbridge/cats-pci.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's repository.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/532747fd5c7aaa17ee5cf79f3e947c31eb0e35cf
https://git.kernel.org/stable/c/2643da6aa57920d9159a1a579fb04f89a2b0d29a
https://git.kernel.org/stable/c/871b569a3e67f570df9f5ba195444dc7c621293b
https://git.kernel.org/stable/c/1fc087fdb98d556b416c82ed6e3964a30885f47a
https://git.kernel.org/stable/c/c3efce8cc9807339633ee30e39882f4c8626ee1d
https://git.kernel.org/stable/c/30e3b4f256b4e366a61658c294f6a21b8626dda7
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
