
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2021-46915 is a vulnerability in the Linux kernel's netfilter component, specifically in the nft_limit_init() function. The issue was discovered in February 2024 and affects Linux kernel versions from 4.13.0 up to, but not including, 4.14.232, 4.19.189, 5.4.114, 5.10.32, and 5.11.16. The vulnerability stems from an inappropriate choice of math function in netfilter's nft_limit implementation (NVD).
The vulnerability occurs because nft_limit_init() uses div_u64(), which divides a u64 by a u32, where a division of u64 by u64 is required. This mismatch in data types can lead to a divide error in nft_limit_init(). The issue manifests in the netfilter component when token values are calculated with the incorrect division operation (Kernel Patch). The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (Red Hat).
The vulnerability can result in a denial of service condition through a divide error in the kernel's netfilter component. When exploited, it can cause system availability issues by triggering a kernel crash, affecting the overall system stability (Red Hat).
The vulnerability has been fixed by replacing div_u64() with div64_u64() in the nft_limit_init function. The fix has been implemented in various kernel versions through patches. System administrators should update their Linux kernel to the patched versions: 4.14.232 or later, 4.19.189 or later, 5.4.114 or later, 5.10.32 or later, or 5.11.16 or later (Kernel Patch).
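The type mismatch and its fix, as an added example that is not the kernel's own code: a userspace C model of the two helpers showing what a u32 divisor parameter does to a 64-bit value. The names `model_*` and `tokens_*` and the sample values are assumptions for illustration, and the token calculation is reduced to the single division.

```c
#include <stdint.h>
#include <stdio.h>

/* Userspace models, not kernel source. The kernel helpers are declared as
 * div_u64(u64 dividend, u32 divisor) and div64_u64(u64 dividend, u64 divisor). */
typedef struct { int ok; uint64_t quot; } div_result;   /* ok == 0: divide error */

static div_result model_div_u64(uint64_t dividend, uint32_t divisor)
{
    div_result r = {0, 0};
    if (divisor != 0) { r.ok = 1; r.quot = dividend / divisor; }
    return r;
}

static div_result model_div64_u64(uint64_t dividend, uint64_t divisor)
{
    div_result r = {0, 0};
    if (divisor != 0) { r.ok = 1; r.quot = dividend / divisor; }
    return r;
}

/* Before the fix: the 64-bit rate is narrowed to the helper's u32 parameter.
 * A C call site does this implicitly; the cast here makes it visible. */
static div_result tokens_before_fix(uint64_t nsecs, uint64_t rate)
{
    return model_div_u64(nsecs, (uint32_t)rate);
}

/* After the fix: the full 64-bit rate reaches the division. */
static div_result tokens_after_fix(uint64_t nsecs, uint64_t rate)
{
    return model_div64_u64(nsecs, rate);
}

int main(void)
{
    const uint64_t nsecs = 1000000000ULL;   /* constructed sample: 1 s in ns */
    const uint64_t rates[] = { 10, 0x100000000ULL, 0x100000005ULL }; /* constructed */
    for (size_t i = 0; i < sizeof rates / sizeof rates[0]; i++) {
        div_result b = tokens_before_fix(nsecs, rates[i]);
        div_result a = tokens_after_fix(nsecs, rates[i]);
        printf("rate=0x%llx u32 divisor=0x%x before=%s/%llu after=%s/%llu\n",
               (unsigned long long)rates[i], (unsigned)(uint32_t)rates[i],
               b.ok ? "ok" : "DIVIDE ERROR", (unsigned long long)b.quot,
               a.ok ? "ok" : "DIVIDE ERROR", (unsigned long long)a.quot);
    }
    return 0;
}
```

The third sample shows that the narrowing does not always fault: a divisor whose low 32 bits are nonzero yields a quotient that is simply wrong.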
Source: This report was generated using AI