CVE-2021-46928: 
Linux Kernel vulnerability analysis and mitigation

CVE-2021-46928 affects the Linux kernel's parisc architecture implementation. The vulnerability involves the handling of instruction access rights traps (trap 7) where the CPU fails to execute an instruction due to missing execute permissions on a memory region. The issue was discovered when it was found that the CPU doesn't fetch the instruction from memory and store it in the cr19 (IIR) register before calling the trap handler, resulting in random stale values being present (Kernel Patch).

The vulnerability occurs in the Linux kernel's trap handling mechanism for the parisc architecture. When an instruction access rights trap (trap 7) is triggered, the CPU fails to fetch the instruction from memory, leading to a situation where the cr19 (IIR) register contains stale values. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability affects Linux kernel versions up to (excluding) 5.10.90 and versions from (including) 5.11.0 up to (excluding) 5.15.13. The presence of stale values in the IIR register could potentially lead to confusion during debugging and system analysis (NVD).

The issue has been resolved by implementing a patch that overwrites the stale IIR value with a constant magic "bad food" value (0xbaadf00d). This prevents confusion from random IIR values appearing in trap 7 dumps. The fix has been implemented in the Linux kernel through multiple patch commits (Kernel Patch).