{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2021-46951","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-02-25T13:45:52.722Z","datePublished":"2024-02-27T18:40:34.757Z","dateUpdated":"2025-05-04T07:01:02.947Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T07:01:02.947Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ntpm: efi: Use local variable for calculating final log size\n\nWhen tpm_read_log_efi is called multiple times, which happens when\none loads and unloads a TPM2 driver multiple times, then the global\nvariable efi_tpm_final_log_size will at some point become a negative\nnumber due to the subtraction of final_events_preboot_size occurring\neach time. Use a local variable to avoid this integer underflow.\n\nThe following issue is now resolved:\n\nMar  8 15:35:12 hibinst kernel: Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\nMar  8 15:35:12 hibinst kernel: Workqueue: tpm-vtpm vtpm_proxy_work [tpm_vtpm_proxy]\nMar  8 15:35:12 hibinst kernel: RIP: 0010:__memcpy+0x12/0x20\nMar  8 15:35:12 hibinst kernel: Code: 00 b8 01 00 00 00 85 d2 74 0a c7 05 44 7b ef 00 0f 00 00 00 c3 cc cc cc 66 66 90 66 90 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 c3 66 0f 1f 44 00 00 48 89 f8 48 89 d1 f3 a4\nMar  8 15:35:12 hibinst kernel: RSP: 0018:ffff9ac4c0fcfde0 EFLAGS: 00010206\nMar  8 15:35:12 hibinst kernel: RAX: ffff88f878cefed5 RBX: ffff88f878ce9000 RCX: 1ffffffffffffe0f\nMar  8 15:35:12 hibinst kernel: RDX: 0000000000000003 RSI: ffff9ac4c003bff9 RDI: ffff88f878cf0e4d\nMar  8 15:35:12 hibinst kernel: RBP: ffff9ac4c003b000 R08: 0000000000001000 R09: 000000007e9d6073\nMar  8 15:35:12 hibinst kernel: R10: ffff9ac4c003b000 R11: ffff88f879ad3500 R12: 0000000000000ed5\nMar  8 15:35:12 hibinst kernel: R13: ffff88f878ce9760 R14: 0000000000000002 R15: ffff88f77de7f018\nMar  8 15:35:12 hibinst kernel: FS:  0000000000000000(0000) GS:ffff88f87bd00000(0000) knlGS:0000000000000000\nMar  8 15:35:12 hibinst kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nMar  8 15:35:12 hibinst kernel: CR2: ffff9ac4c003c000 CR3: 00000001785a6004 CR4: 0000000000060ee0\nMar  8 15:35:12 hibinst kernel: Call Trace:\nMar  8 15:35:12 hibinst kernel: tpm_read_log_efi+0x152/0x1a7\nMar  8 15:35:12 hibinst kernel: tpm_bios_log_setup+0xc8/0x1c0\nMar  8 15:35:12 hibinst kernel: tpm_chip_register+0x8f/0x260\nMar  8 15:35:12 hibinst kernel: vtpm_proxy_work+0x16/0x60 [tpm_vtpm_proxy]\nMar  8 15:35:12 hibinst kernel: process_one_work+0x1b4/0x370\nMar  8 15:35:12 hibinst kernel: worker_thread+0x53/0x3e0\nMar  8 15:35:12 hibinst kernel: ? process_one_work+0x370/0x370"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/char/tpm/eventlog/efi.c"],"versions":[{"version":"166a2809d65b282272c474835ec22c882a39ca1b","lessThan":"2f12258b5224cfaa808c54fd29345f3c1cbfca76","status":"affected","versionType":"git"},{"version":"166a2809d65b282272c474835ec22c882a39ca1b","lessThan":"60a01ecc9f68067e4314a0b55148e39e5d58a51b","status":"affected","versionType":"git"},{"version":"166a2809d65b282272c474835ec22c882a39ca1b","lessThan":"3818b753277f5ca0c170bf5b98e0a5a225542fcb","status":"affected","versionType":"git"},{"version":"166a2809d65b282272c474835ec22c882a39ca1b","lessThan":"ac07c557ca12ec9276c0375517bac7ae5be4e50c","status":"affected","versionType":"git"},{"version":"166a2809d65b282272c474835ec22c882a39ca1b","lessThan":"48cff270b037022e37835d93361646205ca25101","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/char/tpm/eventlog/efi.c"],"versions":[{"version":"5.3","status":"affected"},{"version":"0","lessThan":"5.3","status":"unaffected","versionType":"semver"},{"version":"5.4.118","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.36","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.11.20","lessThanOrEqual":"5.11.*","status":"unaffected","versionType":"semver"},{"version":"5.12.3","lessThanOrEqual":"5.12.*","status":"unaffected","versionType":"semver"},{"version":"5.13","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"5.4.118"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"5.10.36"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"5.11.20"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"5.12.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"5.13"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2f12258b5224cfaa808c54fd29345f3c1cbfca76"},{"url":"https://git.kernel.org/stable/c/60a01ecc9f68067e4314a0b55148e39e5d58a51b"},{"url":"https://git.kernel.org/stable/c/3818b753277f5ca0c170bf5b98e0a5a225542fcb"},{"url":"https://git.kernel.org/stable/c/ac07c557ca12ec9276c0375517bac7ae5be4e50c"},{"url":"https://git.kernel.org/stable/c/48cff270b037022e37835d93361646205ca25101"}],"title":"tpm: efi: Use local variable for calculating final log size","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2021-46951","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-03-05T20:13:25.298982Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-07-05T17:22:08.506Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T05:17:43.102Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/2f12258b5224cfaa808c54fd29345f3c1cbfca76","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/60a01ecc9f68067e4314a0b55148e39e5d58a51b","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/3818b753277f5ca0c170bf5b98e0a5a225542fcb","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/ac07c557ca12ec9276c0375517bac7ae5be4e50c","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/48cff270b037022e37835d93361646205ca25101","tags":["x_transferred"]}]}]}}