CVE-2021-46919

low-risk
Published 2024-02-27

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix wq size store permission state WQ size can only be changed when the device is disabled. Current code allows change when device is enabled but wq is disabled. Change the check to detect device state.

Do I need to act?

-
0.03% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10 Medium
LOCAL / LOW complexity

Affected Products (1)

Affected Vendors

Linux

References (6)

Patch https://git.kernel.org/stable/c/05b7791c4c4aa8304368fdc55ae911f6b34e7281
Patch https://git.kernel.org/stable/c/0fff71c5a311e1264988179f7dcc217fda15fadd
Patch https://git.kernel.org/stable/c/4ecf25595273203010bc8318c4aee60ad64037ae
Patch https://git.kernel.org/stable/c/05b7791c4c4aa8304368fdc55ae911f6b34e7281
Patch https://git.kernel.org/stable/c/0fff71c5a311e1264988179f7dcc217fda15fadd
Patch https://git.kernel.org/stable/c/4ecf25595273203010bc8318c4aee60ad64037ae
23
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal