{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2021-46940","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-02-25T13:45:52.721Z","datePublished":"2024-02-27T18:40:28.063Z","dateUpdated":"2025-05-04T07:00:44.951Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T07:00:44.951Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ntools/power turbostat: Fix offset overflow issue in index converting\n\nThe idx_to_offset() function returns type int (32-bit signed), but\nMSR_PKG_ENERGY_STAT is u32 and would be interpreted as a negative number.\nThe end result is that it hits the if (offset < 0) check in update_msr_sum()\nwhich prevents the timer callback from updating the stat in the background when\nlong durations are used. The similar issue exists in offset_to_idx() and\nupdate_msr_sum(). Fix this issue by converting the 'int' to 'off_t' accordingly."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["tools/power/x86/turbostat/turbostat.c"],"versions":[{"version":"9972d5d84d76982606806b2ce887f70c2f8ba60a","lessThan":"ea6803ff2cd1a2d7d880256bf562172b708a76ff","status":"affected","versionType":"git"},{"version":"9972d5d84d76982606806b2ce887f70c2f8ba60a","lessThan":"dbdf22fc825fdb1d97f23230064e0f9819471628","status":"affected","versionType":"git"},{"version":"9972d5d84d76982606806b2ce887f70c2f8ba60a","lessThan":"337b1546cde87fb8588ddaedf0201b769baa572a","status":"affected","versionType":"git"},{"version":"9972d5d84d76982606806b2ce887f70c2f8ba60a","lessThan":"13a779de4175df602366d129e41782ad7168cef0","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["tools/power/x86/turbostat/turbostat.c"],"versions":[{"version":"5.10","status":"affected"},{"version":"0","lessThan":"5.10","status":"unaffected","versionType":"semver"},{"version":"5.10.36","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.11.20","lessThanOrEqual":"5.11.*","status":"unaffected","versionType":"semver"},{"version":"5.12.3","lessThanOrEqual":"5.12.*","status":"unaffected","versionType":"semver"},{"version":"5.13","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10","versionEndExcluding":"5.10.36"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10","versionEndExcluding":"5.11.20"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10","versionEndExcluding":"5.12.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.10","versionEndExcluding":"5.13"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/ea6803ff2cd1a2d7d880256bf562172b708a76ff"},{"url":"https://git.kernel.org/stable/c/dbdf22fc825fdb1d97f23230064e0f9819471628"},{"url":"https://git.kernel.org/stable/c/337b1546cde87fb8588ddaedf0201b769baa572a"},{"url":"https://git.kernel.org/stable/c/13a779de4175df602366d129e41782ad7168cef0"}],"title":"tools/power turbostat: Fix offset overflow issue in index converting","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2021-46940","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-03-05T20:11:09.167869Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-07-05T17:21:06.431Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T05:17:42.991Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/ea6803ff2cd1a2d7d880256bf562172b708a76ff","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/dbdf22fc825fdb1d97f23230064e0f9819471628","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/337b1546cde87fb8588ddaedf0201b769baa572a","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/13a779de4175df602366d129e41782ad7168cef0","tags":["x_transferred"]}]}]}}