CVE-2021-46993
CVSS 3.1 Score 7.1 of 10 (high)
Details
Summary
CVE-2021-46993 is a vulnerability in the Linux kernel scheduler, caused by an out-of-bounds access in the uclamp subsystem. Util-clamp, a performance optimization feature for task scheduling, places tasks in different buckets based on their clamp values. However, the size of these buckets is calculated using a rounding division, which leads to an off-by-one error in specific configurations. For instance, with 20 buckets, a task with a clamp value of 1024 could be erroneously mapped to bucket id 20. This results in an out-of-bounds memory access, because valid indexes fall within the range [0,19]. To address this vulnerability, the Linux kernel has been updated to clamp the bucket id, which prevents the out-of-bounds access.
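The off-by-one described above, worked through in a small userspace C model; this is an added example, not kernel source or code from this page. The function names, the CLAMP_MAX constant and the round-to-nearest formula are assumptions chosen to match the summary's 20-bucket case.

```c
#include <stdio.h>

/* Userspace model of the bucket mapping described in the summary.
 * Names and constants are illustrative assumptions, not kernel source. */
#define CLAMP_MAX 1024u  /* largest clamp value, per the summary */

/* Rounding (nearest-integer) division that sizes each bucket; nbuckets >= 1. */
static unsigned int bucket_delta(unsigned int nbuckets)
{
    return (CLAMP_MAX + nbuckets / 2) / nbuckets;
}

/* Unfixed mapping: plain division, so the result can equal nbuckets. */
static unsigned int bucket_id_raw(unsigned int clamp, unsigned int nbuckets)
{
    return clamp / bucket_delta(nbuckets);
}

/* Fixed mapping: clamp the id to the last valid index. */
static unsigned int bucket_id_fixed(unsigned int clamp, unsigned int nbuckets)
{
    unsigned int id = clamp / bucket_delta(nbuckets);
    return id < nbuckets ? id : nbuckets - 1;
}

/* Smallest clamp value whose raw id is out of range, or -1 if none. */
static int first_oob_clamp(unsigned int nbuckets)
{
    for (unsigned int v = 0; v <= CLAMP_MAX; v++)
        if (bucket_id_raw(v, nbuckets) >= nbuckets)
            return (int)v;
    return -1;
}

int main(void)
{
    unsigned int configs[] = { 5, 20 };  /* constructed sample bucket counts */
    for (size_t i = 0; i < sizeof configs / sizeof configs[0]; i++) {
        unsigned int n = configs[i];
        printf("buckets=%u delta=%u raw_id(1024)=%u fixed_id(1024)=%u first_oob=%d\n",
               n, bucket_delta(n), bucket_id_raw(CLAMP_MAX, n),
               bucket_id_fixed(CLAMP_MAX, n), first_oob_clamp(n));
    }
    return 0;
}
```

In this model, 20 buckets give a bucket size of 51, so clamp values 1020 through 1024 all map to index 20, while 5 buckets never produce an out-of-range index.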
Affected Products
- Linux Kernel
Affected Vendors
- LINUX