CVE-2021-46940

Summary

In the Linux kernel, the following vulnerability has been resolved:

tools/power turbostat: Fix offset overflow issue in index converting

The idx_to_offset() function returns type int (32-bit signed), but MSR_PKG_ENERGY_STAT is u32 and would be interpreted as a negative number. The end result is that it hits the if (offset < 0) check in update_msr_sum() which prevents the timer callback from updating the stat in the background when long durations are used. The similar issue exists in offset_to_idx() and update_msr_sum(). Fix this issue by converting the 'int' to 'off_t' accordingly.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux9972d5d84d76982606806b2ce887f70c2f8ba60a < ea6803ff2cd1a2d7d880256bf562172b708a76ffaffected
LinuxLinux9972d5d84d76982606806b2ce887f70c2f8ba60a < dbdf22fc825fdb1d97f23230064e0f9819471628affected
LinuxLinux9972d5d84d76982606806b2ce887f70c2f8ba60a < 337b1546cde87fb8588ddaedf0201b769baa572aaffected
LinuxLinux9972d5d84d76982606806b2ce887f70c2f8ba60a < 13a779de4175df602366d129e41782ad7168cef0affected
LinuxLinux5.10affected
LinuxLinux0 < 5.10unaffected
LinuxLinux5.10.36 <= 5.10.*unaffected
LinuxLinux5.11.20 <= 5.11.*unaffected
LinuxLinux5.12.3 <= 5.12.*unaffected
LinuxLinux5.13 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References