PT-2024-10333 · Linux+6 · Linux Kernel+6

Jakub Kicinski

Published

2024-02-28

Updated

2025-08-18

CVE-2021-46984

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to an out-of-bounds access when the thread is preempted between two calls to blk mq get ctx(). This can cause the program to read garbage if the second context (ctx) came from a hardware context (hctx) with more contexts than the first one. The problem manifested as a UBSAN array index out-of-bounds error. The error occurred because kyber bio merge() gets the ctx for the current CPU again and uses it to get the corresponding Kyber context in the passed hctx. However, the thread may be preempted between the two calls to blk mq get ctx(), and the ctx returned the second time may no longer correspond to the passed hctx.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Validation of Array Index

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-129

Related Identifiers

ALSA-2024:7000

ALSA-2024:7001

BDU:2025-00813

CESA-2024_7000

CESA-2024_7001

CVE-2021-46984

INFSA-2024_7000

INFSA-2024_7001

OESA-2024-1483

OESA-2024-1484

OPENSUSE-SU-2024_1489-1

RHSA-2024:7000

RHSA-2024:7001

RHSA-2024_7000

RHSA-2024_7001

RLSA-2024:7001

SUSE-SU-2024:1454-1

SUSE-SU-2024:1465-1

SUSE-SU-2024:1489-1

SUSE-SU-2025:02846-1

SUSE-SU-2025_02846-1

Affected Products

Almalinux

Astra Linux

Centos

Linux Kernel

Red Hat

Rocky Linux

Suse

PT-2024-10333 · Linux+6 · Linux Kernel+6

CVE-2021-46984

Weakness Enumeration

Related Identifiers

Affected Products

References · 986