CVE-2021-46909: 
Linux Kernel vulnerability analysis and mitigation

CVE-2021-46909 is a vulnerability in the Linux kernel affecting the PCI interrupt mapping functionality. The issue was discovered in the ARM footbridge implementation where the PCI code calls the IRQ mapping function whenever a PCI driver is probed. The vulnerability was introduced by commit 30fdfb929e82 ("PCI: Add a call to pci_assign_irq() in pci_device_probe()"), which causes a kernel oops if a PCI driver is loaded or bound after the kernel has initialized (Kernel Commit).

The vulnerability stems from IRQ mapping functions being marked with __init, which means they are removed after kernel initialization. When these functions are called later during PCI driver probing, it results in a kernel oops. The issue specifically affects the ARM footbridge architecture's PCI interrupt mapping implementation, including cats, ebsa285, netwinder, and personal server configurations (Red Hat CVE). The vulnerability has been assigned a CVSS v3 base score of 4.4 (Low) by Red Hat, with attack vector being Local, attack complexity Low, and privileges required High (Red Hat CVE).

The vulnerability only affects unusual configurations of specific CPUs and impacts the availability of some system hardware. Due to these limitations, Red Hat has classified the impact of this vulnerability as Low (Red Hat CVE).

The issue has been fixed in various Linux kernel versions through patches that remove the __init markers from the IRQ mapping functions. Fixes have been implemented across multiple Linux distributions, including Ubuntu and Red Hat Enterprise Linux. For example, Ubuntu has fixed this in versions 5.4.0-74.83 for focal and 4.15.0-147.151 for bionic (Ubuntu Security).