CVE-2021-47006
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
ARM: 9064/1: hw_breakpoint: Do not directly check the event's overflow_handler hook
The commit 1879445dfa7b ("perf/core: Set event's default ::overflow_handler()") set a default event->overflow_handler in perf_event_alloc(), and replace the check event->overflow_handler with is_default_overflow_handler(), but one is missing.
Currently, the bp->overflow_handler can not be NULL. As a result, enable_single_step() is always not invoked.
Comments from Zhen Lei:
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 1879445dfa7bbd6fe21b09c5cc72f4934798afed < 555a70f7fff03bd669123487905c47ae27dbdaac | affected |
| Linux | Linux | 1879445dfa7bbd6fe21b09c5cc72f4934798afed < ed1f67465327cec4457bb988775245b199da86e6 | affected |
| Linux | Linux | 1879445dfa7bbd6fe21b09c5cc72f4934798afed < a9938d6d78a238d6ab8de57a4d3dcf77adceb9bb | affected |
| Linux | Linux | 1879445dfa7bbd6fe21b09c5cc72f4934798afed < 3ed8832aeaa9a37b0fc386bb72ff604352567c80 | affected |
| Linux | Linux | 1879445dfa7bbd6fe21b09c5cc72f4934798afed < 630146203108bf6b8934eec0dfdb3e46dcb917de | affected |
| Linux | Linux | 1879445dfa7bbd6fe21b09c5cc72f4934798afed < 7eeacc6728c5478e3c01bc82a1f08958eaa12366 | affected |
| Linux | Linux | 1879445dfa7bbd6fe21b09c5cc72f4934798afed < dabe299425b1a53a69461fed7ac8922ea6733a25 | affected |
| Linux | Linux | 1879445dfa7bbd6fe21b09c5cc72f4934798afed < a506bd5756290821a4314f502b4bafc2afcf5260 | affected |
| Linux | Linux | 4.7 | affected |
| Linux | Linux | 0 < 4.7 | unaffected |
| Linux | Linux | 4.9.269 <= 4.9.* | unaffected |
| Linux | Linux | 4.14.233 <= 4.14.* | unaffected |
| Linux | Linux | 4.19.191 <= 4.19.* | unaffected |
| Linux | Linux | 5.4.120 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.38 <= 5.10.* | unaffected |
| Linux | Linux | 5.11.22 <= 5.11.* | unaffected |
| Linux | Linux | 5.12.5 <= 5.12.* | unaffected |
| Linux | Linux | 5.13 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/555a70f7fff03bd669123487905c47ae27dbdaac
- https://git.kernel.org/stable/c/ed1f67465327cec4457bb988775245b199da86e6
- https://git.kernel.org/stable/c/a9938d6d78a238d6ab8de57a4d3dcf77adceb9bb
- https://git.kernel.org/stable/c/3ed8832aeaa9a37b0fc386bb72ff604352567c80
- https://git.kernel.org/stable/c/630146203108bf6b8934eec0dfdb3e46dcb917de
- https://git.kernel.org/stable/c/7eeacc6728c5478e3c01bc82a1f08958eaa12366
- https://git.kernel.org/stable/c/dabe299425b1a53a69461fed7ac8922ea6733a25
- https://git.kernel.org/stable/c/a506bd5756290821a4314f502b4bafc2afcf5260
References
- https://git.kernel.org/stable/c/555a70f7fff03bd669123487905c47ae27dbdaac
- https://git.kernel.org/stable/c/ed1f67465327cec4457bb988775245b199da86e6
- https://git.kernel.org/stable/c/a9938d6d78a238d6ab8de57a4d3dcf77adceb9bb
- https://git.kernel.org/stable/c/3ed8832aeaa9a37b0fc386bb72ff604352567c80
- https://git.kernel.org/stable/c/630146203108bf6b8934eec0dfdb3e46dcb917de
- https://git.kernel.org/stable/c/7eeacc6728c5478e3c01bc82a1f08958eaa12366
- https://git.kernel.org/stable/c/dabe299425b1a53a69461fed7ac8922ea6733a25
- https://git.kernel.org/stable/c/a506bd5756290821a4314f502b4bafc2afcf5260
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.