CVE-2021-46918

low-risk
Published 2024-02-27

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: clear MSIX permission entry on shutdown Add disabling/clearing of MSIX permission entries on device shutdown to mirror the enabling of the MSIX entries on probe. Current code left the MSIX enabled and the pasid entries still programmed at device shutdown.

Do I need to act?

-
0.01% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10 Medium
LOCAL / LOW complexity

Affected Products (1)

Affected Vendors

Linux

References (4)

Patch https://git.kernel.org/stable/c/6df0e6c57dfc064af330071f372f11aa8c584997
Patch https://git.kernel.org/stable/c/c84b8982d7aa9b4717dc36a1c6cbc93ee153b500
Patch https://git.kernel.org/stable/c/6df0e6c57dfc064af330071f372f11aa8c584997
Patch https://git.kernel.org/stable/c/c84b8982d7aa9b4717dc36a1c6cbc93ee153b500
23
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal