cve/published/2021/CVE-2021-46969.json - pub/scm/linux/security/vulns - Git at Google

 {
    "containers": {
       "cna": {
          "providerMetadata": {
             "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
          },
          "descriptions": [
             {
                "lang": "en",
                "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: mhi: core: Fix invalid error returning in mhi_queue\n\nmhi_queue returns an error when the doorbell is not accessible in\nthe current state. This can happen when the device is in non M0\nstate, like M3, and needs to be waken-up prior ringing the DB. This\ncase is managed earlier by triggering an asynchronous M3 exit via\ncontroller resume/suspend callbacks, that in turn will cause M0\ntransition and DB update.\n\nSo, since it's not an error but just delaying of doorbell update, there\nis no reason to return an error.\n\nThis also fixes a use after free error for skb case, indeed a caller\nqueuing skb will try to free the skb if the queueing fails, but in\nthat case queueing has been done."
             }
          ],
          "affected": [
             {
                "product": "Linux",
                "vendor": "Linux",
                "defaultStatus": "unaffected",
                "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                "programFiles": [
                   "drivers/bus/mhi/core/main.c"
                ],
                "versions": [
                   {
                      "version": "a8f75cb348fd52e7a5cf25991cdf9c89fb0cfd41",
                      "lessThan": "a99b661c3187365f81026d89b1133a76cd2652b3",
                      "status": "affected",
                      "versionType": "git"
                   },
                   {
                      "version": "a8f75cb348fd52e7a5cf25991cdf9c89fb0cfd41",
                      "lessThan": "0ecc1c70dcd32c0f081b173a1a5d89952686f271",
                      "status": "affected",
                      "versionType": "git"
                   }
                ]
             },
             {
                "product": "Linux",
                "vendor": "Linux",
                "defaultStatus": "affected",
                "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                "programFiles": [
                   "drivers/bus/mhi/core/main.c"
                ],
                "versions": [
                   {
                      "version": "5.12",
                      "status": "affected"
                   },
                   {
                      "version": "0",
                      "lessThan": "5.12",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "5.12.3",
                      "lessThanOrEqual": "5.12.*",
                      "status": "unaffected",
                      "versionType": "semver"
                   },
                   {
                      "version": "5.13",
                      "lessThanOrEqual": "*",
                      "status": "unaffected",
                      "versionType": "original_commit_for_fix"
                   }
                ]
             }
          ],
          "cpeApplicability": [
             {
                "nodes": [
                   {
                      "operator": "OR",
                      "negate": false,
                      "cpeMatch": [
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "5.12",
                            "versionEndExcluding": "5.12.3"
                         },
                         {
                            "vulnerable": true,
                            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                            "versionStartIncluding": "5.12",
                            "versionEndExcluding": "5.13"
                         }
                      ]
                   }
                ]
             }
          ],
          "references": [
             {
                "url": "https://git.kernel.org/stable/c/a99b661c3187365f81026d89b1133a76cd2652b3"
             },
             {
                "url": "https://git.kernel.org/stable/c/0ecc1c70dcd32c0f081b173a1a5d89952686f271"
             }
          ],
          "title": "bus: mhi: core: Fix invalid error returning in mhi_queue",
          "x_generator": {
             "engine": "bippy-1.2.0"
          }
       }
    },
    "cveMetadata": {
       "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
       "cveID": "CVE-2021-46969",
       "requesterUserId": "gregkh@kernel.org",
       "serial": "1",
       "state": "PUBLISHED"
    },
    "dataType": "CVE_RECORD",
    "dataVersion": "5.0"
 }
	{
	"containers": {
	"cna": {
	"providerMetadata": {
	"orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
	},
	"descriptions": [
	{
	"lang": "en",
	"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: mhi: core: Fix invalid error returning in mhi_queue\n\nmhi_queue returns an error when the doorbell is not accessible in\nthe current state. This can happen when the device is in non M0\nstate, like M3, and needs to be waken-up prior ringing the DB. This\ncase is managed earlier by triggering an asynchronous M3 exit via\ncontroller resume/suspend callbacks, that in turn will cause M0\ntransition and DB update.\n\nSo, since it's not an error but just delaying of doorbell update, there\nis no reason to return an error.\n\nThis also fixes a use after free error for skb case, indeed a caller\nqueuing skb will try to free the skb if the queueing fails, but in\nthat case queueing has been done."
	}
	],
	"affected": [
	{
	"product": "Linux",
	"vendor": "Linux",
	"defaultStatus": "unaffected",
	"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
	"programFiles": [
	"drivers/bus/mhi/core/main.c"
	],
	"versions": [
	{
	"version": "a8f75cb348fd52e7a5cf25991cdf9c89fb0cfd41",
	"lessThan": "a99b661c3187365f81026d89b1133a76cd2652b3",
	"status": "affected",
	"versionType": "git"
	},
	{
	"version": "a8f75cb348fd52e7a5cf25991cdf9c89fb0cfd41",
	"lessThan": "0ecc1c70dcd32c0f081b173a1a5d89952686f271",
	"status": "affected",
	"versionType": "git"
	}
	]
	},
	{
	"product": "Linux",
	"vendor": "Linux",
	"defaultStatus": "affected",
	"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
	"programFiles": [
	"drivers/bus/mhi/core/main.c"
	],
	"versions": [
	{
	"version": "5.12",
	"status": "affected"
	},
	{
	"version": "0",
	"lessThan": "5.12",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "5.12.3",
	"lessThanOrEqual": "5.12.*",
	"status": "unaffected",
	"versionType": "semver"
	},
	{
	"version": "5.13",
	"lessThanOrEqual": "*",
	"status": "unaffected",
	"versionType": "original_commit_for_fix"
	}
	]
	}
	],
	"cpeApplicability": [
	{
	"nodes": [
	{
	"operator": "OR",
	"negate": false,
	"cpeMatch": [
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "5.12",
	"versionEndExcluding": "5.12.3"
	},
	{
	"vulnerable": true,
	"criteria": "cpe:2.3:o:linux:linux_kernel::::::::",
	"versionStartIncluding": "5.12",
	"versionEndExcluding": "5.13"
	}
	]
	}
	]
	}
	],
	"references": [
	{
	"url": "https://git.kernel.org/stable/c/a99b661c3187365f81026d89b1133a76cd2652b3"
	},
	{
	"url": "https://git.kernel.org/stable/c/0ecc1c70dcd32c0f081b173a1a5d89952686f271"
	}
	],
	"title": "bus: mhi: core: Fix invalid error returning in mhi_queue",
	"x_generator": {
	"engine": "bippy-1.2.0"
	}
	}
	},
	"cveMetadata": {
	"assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
	"cveID": "CVE-2021-46969",
	"requesterUserId": "gregkh@kernel.org",
	"serial": "1",
	"state": "PUBLISHED"
	},
	"dataType": "CVE_RECORD",
	"dataVersion": "5.0"
	}