{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2021-46974","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-02-27T18:42:55.944Z","datePublished":"2024-02-27T18:47:08.487Z","dateUpdated":"2025-05-04T12:40:41.356Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T12:40:41.356Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix masking negation logic upon negative dst register\n\nThe negation logic for the case where the off_reg is sitting in the\ndst register is not correct given then we cannot just invert the add\nto a sub or vice versa. As a fix, perform the final bitwise and-op\nunconditionally into AX from the off_reg, then move the pointer from\nthe src to dst and finally use AX as the source for the original\npointer arithmetic operation such that the inversion yields a correct\nresult. The single non-AX mov in between is possible given constant\nblinding is retaining it as it's not an immediate based operation."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["kernel/bpf/verifier.c"],"versions":[{"version":"ae03b6b1c880a03d4771257336dc3bca156dd51b","lessThan":"4d542ddb88fb2f39bf7f14caa2902f3e8d06f6ba","status":"affected","versionType":"git"},{"version":"f92a819b4cbef8c9527d9797110544b2055a4b96","lessThan":"0e2dfdc74a7f4036127356d42ea59388f153f42c","status":"affected","versionType":"git"},{"version":"979d63d50c0c0f7bc537bf821e056cc9fe5abd38","lessThan":"53e0db429b37a32b8fc706d0d90eb4583ad13848","status":"affected","versionType":"git"},{"version":"979d63d50c0c0f7bc537bf821e056cc9fe5abd38","lessThan":"2cfa537674cd1051a3b8111536d77d0558f33d5d","status":"affected","versionType":"git"},{"version":"979d63d50c0c0f7bc537bf821e056cc9fe5abd38","lessThan":"6eba92a4d4be8feb4dc33976abac544fa99d6ecc","status":"affected","versionType":"git"},{"version":"979d63d50c0c0f7bc537bf821e056cc9fe5abd38","lessThan":"7cf64d8679ca1cb20cf57d6a88bfee79a0922a66","status":"affected","versionType":"git"},{"version":"979d63d50c0c0f7bc537bf821e056cc9fe5abd38","lessThan":"b9b34ddbe2076ade359cd5ce7537d5ed019e9807","status":"affected","versionType":"git"},{"version":"078da99d449f64ca04d459cdbdcce513b64173cd","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["kernel/bpf/verifier.c"],"versions":[{"version":"5.0","status":"affected"},{"version":"0","lessThan":"5.0","status":"unaffected","versionType":"semver"},{"version":"4.14.233","lessThanOrEqual":"4.14.*","status":"unaffected","versionType":"semver"},{"version":"4.19.190","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.117","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.35","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.11.19","lessThanOrEqual":"5.11.*","status":"unaffected","versionType":"semver"},{"version":"5.12.2","lessThanOrEqual":"5.12.*","status":"unaffected","versionType":"semver"},{"version":"5.13","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14.113","versionEndExcluding":"4.14.233"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.19","versionEndExcluding":"4.19.190"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0","versionEndExcluding":"5.4.117"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0","versionEndExcluding":"5.10.35"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0","versionEndExcluding":"5.11.19"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0","versionEndExcluding":"5.12.2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0","versionEndExcluding":"5.13"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20.6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/4d542ddb88fb2f39bf7f14caa2902f3e8d06f6ba"},{"url":"https://git.kernel.org/stable/c/0e2dfdc74a7f4036127356d42ea59388f153f42c"},{"url":"https://git.kernel.org/stable/c/53e0db429b37a32b8fc706d0d90eb4583ad13848"},{"url":"https://git.kernel.org/stable/c/2cfa537674cd1051a3b8111536d77d0558f33d5d"},{"url":"https://git.kernel.org/stable/c/6eba92a4d4be8feb4dc33976abac544fa99d6ecc"},{"url":"https://git.kernel.org/stable/c/7cf64d8679ca1cb20cf57d6a88bfee79a0922a66"},{"url":"https://git.kernel.org/stable/c/b9b34ddbe2076ade359cd5ce7537d5ed019e9807"}],"title":"bpf: Fix masking negation logic upon negative dst register","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CISA ADP Vulnrichment","metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2021-46974","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-03-05T16:32:03.243683Z"}}}],"providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-04T17:13:10.865Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T05:17:43.104Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/4d542ddb88fb2f39bf7f14caa2902f3e8d06f6ba","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/0e2dfdc74a7f4036127356d42ea59388f153f42c","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/53e0db429b37a32b8fc706d0d90eb4583ad13848","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/2cfa537674cd1051a3b8111536d77d0558f33d5d","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/6eba92a4d4be8feb4dc33976abac544fa99d6ecc","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/7cf64d8679ca1cb20cf57d6a88bfee79a0922a66","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/b9b34ddbe2076ade359cd5ce7537d5ed019e9807","tags":["x_transferred"]}]}]}}