CVE-2021-46910: 
Linux Kernel vulnerability analysis and mitigation

The Linux kernel vulnerability CVE-2021-46910 affects the debugging code for kmap_local() functionality. The issue was discovered in the Linux kernel versions from 5.11.0 up to (excluding) 5.11.16. The vulnerability occurs when the debugging code doubles the number of per-CPU fixmap slots allocated for kmap_local(), using half of them as guard regions, which can cause the fixmap region to grow beyond its reserved window (NVD, Kernel Patch).

The vulnerability manifests when a kernel is built with NR_CPUS=32 and CONFIG_DEBUG_KMAP_LOCAL=y configurations. In this scenario, the fixmap region grows downwards beyond its reserved window and collides with the virtual DT mapping below it. This becomes particularly problematic during EFI boot when the FDT is passed in highmem, causing the fixmap code to misidentify block entries below the fixmap region as fixmap table entries. The code then attempts to dereference these entries using a phys-to-virt translation that is only valid for lowmem, resulting in kernel paging request errors (Kernel Patch). The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 MEDIUM (Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) (NVD).

When exploited, this vulnerability can lead to system crashes due to invalid memory access attempts. The primary impact is on system availability, as evidenced by the kernel's inability to handle paging requests at specific virtual addresses, resulting in kernel oops and potential system instability (Kernel Patch).

The issue has been resolved by limiting CONFIG_NR_CPUS to 16 when CONFIG_DEBUG_KMAP_LOCAL=y is enabled. Additionally, the BUILD_BUG_ON() check has been fixed to properly verify whether the region grows below the start address rather than above the end address. These changes were implemented in the kernel patch to prevent the fixmap region from exceeding its allocated space (Kernel Patch).