| The vulnerability CVE-2021-46920 affects the dmaengine idxd driver in the Linux kernel, specifically in the `irq.c` file. The issue arises when the driver writes over the SWERR and OVERFLOW bits without properly reading them first, potentially clobbering the OVERFLOW bit. To fix this, the driver should read the bits before writing to avoid overwriting important error information. |
| |
| The vulnerability was introduced in kernel version 5.6 with commit `bfe1d56091c1` and has been fixed in versions 5.10.32 with commit `a5ad12d5d69c`, 5.11.16 with commit `02981a44a0e4`, and 5.12 with commit `ea941ac294d7`. To mitigate this issue, users are recommended to update to the latest stable kernel version. If updating is not possible, individual changes can be cherry-picked from the specified commits. |
| |
| The root cause of the issue lies in the incorrect handling of register writes, where the driver fails to preserve the error information stored in the OVERFLOW bit. By reading the bits before writing, the driver ensures that important error information is preserved and not lost due to overwriting. |
| |
