PT-2021-8271 · Linux+2 · Linux Kernel+2
He Ying · Published 2021-04-23 · Updated 2024-12-11 · CVE-2021-46961
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions 4.19.95.aarch64 and earlier
Description
The vulnerability is in the Linux kernel's handling of spurious interrupts in the GICv3 interrupt handler. When a spurious interrupt occurs, the kernel should not enable interrupts, but in this case it does, which leads to a nested NMI situation. This can cause a kernel panic and potentially allow an attacker to crash the system. The issue is caused by a 'BUG_ON(in_nmi())' in nmi_enter(). Moving the handling of spurious interrupts as early as possible in the GICv3 handler fixes this issue.
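The ordering problem described above, as an added example: a simplified user-space C model, not kernel code and not part of the original advisory. All names are hypothetical; it assumes the spurious INTID is acknowledged while already in NMI context, that a further NMI is taken once the handler unmasks interrupts, and it uses the GICv3 special INTID range 1020-1023.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model; every name here is hypothetical, not kernel code. */
struct cpu_model {
    bool irqs_enabled; /* the handler has unmasked interrupts */
    bool in_nmi;       /* inside the modelled NMI context */
    bool nested_nmi;   /* where the kernel's BUG_ON(in_nmi()) would fire */
};

/* GICv3 reserves INTIDs 1020-1023 as special; 1023 is the spurious ID. */
static bool intid_is_special(uint32_t intid) { return intid >= 1020 && intid <= 1023; }

/* Modelled nmi_enter(): entering while already in NMI context is the bug. */
static void model_nmi_enter(struct cpu_model *cpu)
{
    if (cpu->in_nmi)
        cpu->nested_nmi = true;
    cpu->in_nmi = true;
}

/* check_first=false models the pre-fix order, true the fixed order. */
static void model_handler(struct cpu_model *cpu, uint32_t intid, bool check_first)
{
    if (check_first && intid_is_special(intid))
        return;               /* fixed order: return with no state change */
    cpu->irqs_enabled = true; /* unmask before dispatching */
    if (intid_is_special(intid))
        return;               /* pre-fix order: too late, already unmasked */
}

/* Replay: special INTID acknowledged in NMI context, then another NMI pending. */
static bool replay_hits_nested_nmi(bool check_first, uint32_t intid)
{
    struct cpu_model cpu = { false, false, false };
    model_nmi_enter(&cpu);                 /* assumption: entered as an NMI */
    model_handler(&cpu, intid, check_first);
    if (cpu.irqs_enabled)                  /* model: taken only once unmasked */
        model_nmi_enter(&cpu);
    return cpu.nested_nmi;
}

int main(void)
{
    printf("pre-fix order nests: %d, fixed order nests: %d\n",
           replay_hits_nested_nmi(false, 1023), replay_hits_nested_nmi(true, 1023));
    return 0;
}
```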
Recommendations
To resolve this issue, update the Linux kernel to a version that includes the fix for this vulnerability. Specifically, for Linux kernel version 4.19.95.aarch64, update to a newer version that includes the patch "irqchip/gic-v3: Do not enable irqs when handling spurious interrupts". As a temporary workaround, consider disabling the nmi_enter() function until a patch is available. However, this is not a recommended long-term solution, as it may have unintended consequences on system stability and performance.
Fix
RCE
Affected Products
Astra Linux
Linux Kernel
Suse