CVE-2021-46993

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published: Feb 28, 2024
Updated: Dec 24, 2024
CWE ID: 125

Summary

CVE-2021-46993 is a vulnerability affecting the Linux kernel's scheduling component. The issue is an out-of-bounds access in the uclamp subsystem. Util-clamp, a performance optimization feature for task scheduling, places tasks in different buckets based on their clamp values. However, the size of these buckets is calculated using a rounding division, which leads to an off-by-one error in specific configurations. For instance, with 20 buckets, a task with a clamp value of 1024 could be erroneously mapped to bucket id 20, an out-of-bounds memory access, since valid indexes fall within the range [0,19]. To address this vulnerability, the Linux kernel has been updated to clamp the bucket id so that it can no longer exceed the last valid bucket.
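The following is an added illustration, not the kernel's own code: a stand-alone C model of the bucket-id computation the summary describes, with the unbounded mapping beside the clamped one. It assumes a maximum clamp value of 1024 (the kernel's `SCHED_CAPACITY_SCALE`), a rounding division of the same shape as the kernel's `DIV_ROUND_CLOSEST` for unsigned operands, and takes the bucket count as a parameter so it can also report which counts other than the page's example of 20 would index past the last bucket; that generalization is mine, not the page's.

```c
#include <stdio.h>

/* Maximum utilization / clamp value (assumption: mirrors the kernel's SCHED_CAPACITY_SCALE). */
#define SCHED_CAPACITY_SCALE 1024U

/* Rounding division for unsigned operands, as DIV_ROUND_CLOSEST does in the kernel. */
static unsigned int div_round_closest(unsigned int n, unsigned int d)
{
    return (n + d / 2) / d;
}

/* Bucket width for a given bucket count: 1024 / 20 = 51.2 rounds to 51. */
static unsigned int bucket_delta(unsigned int buckets)
{
    return div_round_closest(SCHED_CAPACITY_SCALE, buckets);
}

/* Vulnerable mapping: nothing bounds the result, so 1024 / 51 = 20 with 20 buckets. */
unsigned int bucket_id_vulnerable(unsigned int clamp_value, unsigned int buckets)
{
    return clamp_value / bucket_delta(buckets);
}

/* Fixed mapping: the id is clamped to the last valid bucket, buckets - 1. */
unsigned int bucket_id_fixed(unsigned int clamp_value, unsigned int buckets)
{
    unsigned int id = clamp_value / bucket_delta(buckets);
    return id < buckets - 1 ? id : buckets - 1;
}

/* Nonzero when the largest legal clamp value would index past the last bucket
 * under the vulnerable mapping, i.e. when the rounded width times the bucket
 * count does not exceed SCHED_CAPACITY_SCALE. */
int config_is_affected(unsigned int buckets)
{
    return bucket_id_vulnerable(SCHED_CAPACITY_SCALE, buckets) >= buckets;
}

int main(void)
{
    /* Constructed sweep over a range of bucket counts; 20 is the page's example. */
    for (unsigned int b = 5; b <= 20; b++) {
        printf("buckets=%2u delta=%3u  id(1024): vulnerable=%2u fixed=%2u  %s\n",
               b, bucket_delta(b),
               bucket_id_vulnerable(SCHED_CAPACITY_SCALE, b),
               bucket_id_fixed(SCHED_CAPACITY_SCALE, b),
               config_is_affected(b) ? "OUT OF BOUNDS without the fix" : "in bounds");
    }
    return 0;
}
```

Running the sweep shows why the summary says "specific configurations": with 5 buckets the width rounds up to 205 and 1024 / 205 = 4 stays in range, whereas with 20 buckets the width rounds down to 51 and 1024 / 51 = 20 is one past the last index. The clamped variant returns 19 for every value from 1020 to 1024 inclusive, which is the behaviour the fix restores.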
