The vulnerability, tracked as CVE-2021-46915, is a divide error in the `nft_limit_init` function of the Linux kernel's netfilter subsystem. The function calls `div_u64()`, which divides an unsigned 64-bit integer by an unsigned 32-bit integer, in a place where the division needs a 64-bit divisor, and this can lead to a divide error.
The correct approach is to use the `div64_u64()` function, which divides an unsigned 64-bit integer by another unsigned 64-bit integer. The vulnerability was introduced in kernel version 4.13 and fixed in various subsequent versions, including 4.14.232, 4.19.189, 5.4.114, 5.10.32, 5.11.16, and 5.12.
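The difference between the two helpers, as an added userspace model (not kernel code and not part of the original advisory): a 64-bit divisor handed to a u64-by-u32 helper is narrowed to 32 bits, so a nonzero value can become zero or a different number. The function names, the `nsecs` and `rate` parameters and the sample values are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

enum { DIV_OK = 0, DIV_BY_ZERO = -1 };

/* Userspace model of a u64 / u32 helper (same argument widths as the
 * kernel's div_u64()). Returns DIV_BY_ZERO where real code would fault. */
static int model_div_u64(uint64_t dividend, uint32_t divisor, uint64_t *out)
{
    if (divisor == 0)
        return DIV_BY_ZERO;
    *out = dividend / divisor;
    return DIV_OK;
}

/* Userspace model of a u64 / u64 helper (same widths as div64_u64()). */
static int model_div64_u64(uint64_t dividend, uint64_t divisor, uint64_t *out)
{
    if (divisor == 0)
        return DIV_BY_ZERO;
    *out = dividend / divisor;
    return DIV_OK;
}

/* Hypothetical "before": a 64-bit rate handed to the 32-bit-divisor helper.
 * The cast spells out the narrowing C performs implicitly at the call. */
int tokens_before_fix(uint64_t nsecs, uint64_t rate, uint64_t *out)
{
    return model_div_u64(nsecs, (uint32_t)rate, out);
}

/* Hypothetical "after": the divisor keeps all 64 bits. */
int tokens_after_fix(uint64_t nsecs, uint64_t rate, uint64_t *out)
{
    return model_div64_u64(nsecs, rate, out);
}

int main(void)
{
    const uint64_t nsecs = 1000000000ULL;   /* constructed sample: 1 s in ns */
    const uint64_t rates[] = { 10, 1ULL << 32, (1ULL << 32) + 4 }; /* constructed */
    for (size_t i = 0; i < sizeof(rates) / sizeof(rates[0]); i++) {
        uint64_t a = 0, b = 0;
        int ra = tokens_before_fix(nsecs, rates[i], &a);
        int rb = tokens_after_fix(nsecs, rates[i], &b);
        printf("rate=%llu before: %s %llu | after: %s %llu\n",
               (unsigned long long)rates[i], ra ? "DIV_BY_ZERO" : "ok",
               (unsigned long long)a, rb ? "DIV_BY_ZERO" : "ok", (unsigned long long)b);
    }
    return 0;
}
```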
The affected file is `net/netfilter/nft_limit.c`. The Linux kernel CVE team recommends updating to the latest stable kernel version to resolve this issue, as individual changes are not tested or supported by the kernel community. If updating is not possible, the individual commits to fix this issue can be found at the specified Git commit IDs.
The vulnerability was discovered and reported with a crash dump from a system running a vulnerable kernel version. The Linux kernel CVE team has assigned CVE-2021-46915 to this issue, and the official CVE entry will be updated if fixes are backported to older supported kernel versions.