| The vulnerability, assigned CVE-2021-46909, affects the ARM footbridge architecture in the Linux kernel. Specifically, it relates to the PCI interrupt mapping function, which is called whenever a PCI driver is probed. The issue arises when these functions are marked as `__init`, causing an oops (a kernel panic) if a PCI driver is loaded or bound after the kernel has initialized. |
| |
| The problem was introduced in kernel version 4.13 with commit 30fdfb929e82 and fixed in various subsequent versions, including 4.14.232, 4.19.189, 5.4.114, 5.10.32, 5.11.16, and 5.12. |
| |
| The affected files are located in the `arch/arm/mach-footbridge/` directory and include `cats-pci.c`, `ebsa285-pci.c`, `netwinder-pci.c`, and `personal-pci.c`. |
| |
| To mitigate this issue, the Linux kernel CVE team recommends updating to the latest stable kernel version. If that is not possible, individual changes can be cherry-picked from the commits listed in the advisory, but this approach is not recommended or supported by the Linux kernel community. |
| |
