[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2021-46933":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T02:53:27.892Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":27,"aliases":28,"duplicate_of":9,"upstream":29,"downstream":30,"duplicates":57,"related":58,"reserved_at":9,"published_at":69,"modified_at":70,"state":71,"summary":72,"references_raw":81,"kevs":116,"epss":117,"epss_history":120,"metrics":374,"affected":382},"CVE-2021-46933","In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear.\n\nffs_data_clear is indirectly called from both ffs_fs_kill_sb and\nffs_ep0_release, so it ends up being called twice when userland closes ep0\nand then unmounts f_fs.\nIf userland provided an eventfd along with function's USB descriptors, it\nends up calling eventfd_ctx_put as many times, causing a refcount\nunderflow.\nNULL-ify ffs_eventfd to prevent these extraneous eventfd_ctx_put calls.\n\nAlso, set epfiles to NULL right after de-allocating it, for readability.\n\nFor completeness, ffs_data_clear actually ends up being called thrice, the\nlast call being before the whole ffs structure gets freed, so when this\nspecific sequence happens there is a second underflow happening (but not\nbeing reported):\n\n/sys/kernel/debug/tracing# modprobe usb_f_fs\n/sys/kernel/debug/tracing# echo ffs_data_clear > set_ftrace_filter\n/sys/kernel/debug/tracing# echo function > current_tracer\n/sys/kernel/debug/tracing# echo 1 > tracing_on\n(setup gadget, run and kill function userland process, teardown gadget)\n/sys/kernel/debug/tracing# echo 0 > tracing_on\n/sys/kernel/debug/tracing# cat trace\n smartcard-openp-436     [000] .....  1946.208786: ffs_data_clear \u003C-ffs_data_closed\n smartcard-openp-431     [000] .....  1946.279147: ffs_data_clear \u003C-ffs_data_closed\n smartcard-openp-431     [000] .n...  1946.905512: ffs_data_clear \u003C-ffs_data_put\n\nWarning output corresponding to above trace:\n[ 1946.284139] WARNING: CPU: 0 PID: 431 at lib/refcount.c:28 refcount_warn_saturate+0x110/0x15c\n[ 1946.293094] refcount_t: underflow; use-after-free.\n[ 1946.298164] Modules linked in: usb_f_ncm(E) u_ether(E) usb_f_fs(E) hci_uart(E) btqca(E) btrtl(E) btbcm(E) btintel(E) bluetooth(E) nls_ascii(E) nls_cp437(E) vfat(E) fat(E) bcm2835_v4l2(CE) bcm2835_mmal_vchiq(CE) videobuf2_vmalloc(E) videobuf2_memops(E) sha512_generic(E) videobuf2_v4l2(E) sha512_arm(E) videobuf2_common(E) videodev(E) cpufreq_dt(E) snd_bcm2835(CE) brcmfmac(E) mc(E) vc4(E) ctr(E) brcmutil(E) snd_soc_core(E) snd_pcm_dmaengine(E) drbg(E) snd_pcm(E) snd_timer(E) snd(E) soundcore(E) drm_kms_helper(E) cec(E) ansi_cprng(E) rc_core(E) syscopyarea(E) raspberrypi_cpufreq(E) sysfillrect(E) sysimgblt(E) cfg80211(E) max17040_battery(OE) raspberrypi_hwmon(E) fb_sys_fops(E) regmap_i2c(E) ecdh_generic(E) rfkill(E) ecc(E) bcm2835_rng(E) rng_core(E) vchiq(CE) leds_gpio(E) libcomposite(E) fuse(E) configfs(E) ip_tables(E) x_tables(E) autofs4(E) ext4(E) crc16(E) mbcache(E) jbd2(E) crc32c_generic(E) sdhci_iproc(E) sdhci_pltfm(E) sdhci(E)\n[ 1946.399633] CPU: 0 PID: 431 Comm: smartcard-openp Tainted: G         C OE     5.15.0-1-rpi #1  Debian 5.15.3-1\n[ 1946.417950] Hardware name: BCM2835\n[ 1946.425442] Backtrace:\n[ 1946.432048] [\u003Cc08d60a0>] (dump_backtrace) from [\u003Cc08d62ec>] (show_stack+0x20/0x24)\n[ 1946.448226]  r7:00000009 r6:0000001c r5:c04a948c r4:c0a64e2c\n[ 1946.458412] [\u003Cc08d62cc>] (show_stack) from [\u003Cc08d9ae0>] (dump_stack+0x28/0x30)\n[ 1946.470380] [\u003Cc08d9ab8>] (dump_stack) from [\u003Cc0123500>] (__warn+0xe8/0x154)\n[ 1946.482067]  r5:c04a948c r4:c0a71dc8\n[ 1946.490184] [\u003Cc0123418>] (__warn) from [\u003Cc08d6948>] (warn_slowpath_fmt+0xa0/0xe4)\n[ 1946.506758]  r7:00000009 r6:0000001c r5:c0a71dc8 r4:c0a71e04\n[ 1946.517070] [\u003Cc08d68ac>] (warn_slowpath_fmt) from [\u003Cc04a948c>] (refcount_warn_saturate+0x110/0x15c)\n[ 1946.535309]  r8:c0100224 r7:c0dfcb84 r6:ffffffff r5:c3b84c00 r4:c24a17c0\n[ 1946.546708] [\u003Cc04a937c>] (refcount_warn_saturate) from [\u003Cc0380134>] (eventfd_ctx_put+0x48/0x74)\n[ 1946.564476] [\u003Cc03800ec>] (eventfd_ctx_put) from [\u003Cbf5464e8>] (ffs_data_clear+0xd0/0x118 [usb_f_fs])\n[ 1946.582664]  r5:c3b84c00 r4:c2695b00\n[ 1946.590668] [\u003Cbf546418>] (ffs_data_clear [usb_f_fs]) from [\u003Cbf547cc0>] (ffs_data_closed+0x9c/0x150 [usb_f_fs])\n[ 1946.609608]  r5:bf54d014 r4:c2695b00\n[ 1946.617522] [\u003Cbf547c24>] (ffs_data_closed [usb_f_fs]) from [\u003Cbf547da0>] (ffs_fs_kill_sb+0x2c/0x30 [usb_f_fs])\n[ 1946.636217]  r7:c0dfcb\n---truncated---",null,[11,20],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-416","Use After Free","The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory \"belongs\" to the code that operates on the new pointer.","weakness","Stable","Variant","High",[],{"_key":21,"id":21,"name":22,"description":23,"type":15,"status":16,"abstraction":24,"likelihood_of_exploit":25,"capec":26},"CWE-476","NULL Pointer Dereference","The product dereferences a pointer that it expects to be valid but is NULL.","Base","Medium",[],[],[],[],[31,33,35,37,39,41,43,45,47,49,51,53,55],{"_key":32},"SUSE-SU-2024:1321-1",{"_key":34},"SUSE-SU-2024:1465-1",{"_key":36},"SUSE-SU-2024:1489-1",{"_key":38},"SUSE-SU-2024:1979-1",{"_key":40},"SUSE-SU-2024:1983-1",{"_key":42},"SUSE-SU-2024:2184-1",{"_key":44},"SUSE-SU-2024:1320-1",{"_key":46},"SUSE-SU-2024:1466-1",{"_key":48},"SUSE-SU-2024:1480-1",{"_key":50},"SUSE-SU-2024:1490-1",{"_key":52},"DEBIAN-CVE-2021-46933",{"_key":54},"UBUNTU-CVE-2021-46933",{"_key":56},"USN-6938-1",[],[59,60,61,62,63,64,65,66,67,68],{"_key":32},{"_key":34},{"_key":36},{"_key":38},{"_key":40},{"_key":42},{"_key":44},{"_key":46},{"_key":48},{"_key":50},"2024-02-27T09:44:00.758Z","2026-05-11T13:44:42.774Z","Modified",{"cisa_kev":73,"cisa_ransomware":73,"cisa_vendor":9,"epss_severity":74,"epss_score":75,"severity":76,"severity_score":77,"severity_version":78,"severity_source":79,"severity_vector":80,"severity_status":71},false,"low",0.00015,"medium",5.5,"v3.1","cve.org","CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",[82,88,92,96,100,104,108,112],{"url":83,"sources":84,"tags":86},"https://git.kernel.org/stable/c/f976dd7011150244a7ba820f2c331e9fb253befa",[79,85],"nvd",[87],"Patch",{"url":89,"sources":90,"tags":91},"https://git.kernel.org/stable/c/cc8c8028c21b2a3842a1e98e99e55028df275919",[79,85],[87],{"url":93,"sources":94,"tags":95},"https://git.kernel.org/stable/c/52500239e3f2d6fc77b6f58632a9fb98fe74ac09",[79,85],[87],{"url":97,"sources":98,"tags":99},"https://git.kernel.org/stable/c/33f6a0cbb7772146e1c11f38028fffbfed14728b",[79,85],[87],{"url":101,"sources":102,"tags":103},"https://git.kernel.org/stable/c/240fc586e83d645912accce081a48aa63a45f6ee",[79,85],[87],{"url":105,"sources":106,"tags":107},"https://git.kernel.org/stable/c/1c4ace3e6b8575745c50dca9e76e0021e697d645",[79,85],[87],{"url":109,"sources":110,"tags":111},"https://git.kernel.org/stable/c/ebef2aa29f370b5096c16020c104e393192ef684",[79,85],[87],{"url":113,"sources":114,"tags":115},"https://git.kernel.org/stable/c/b1e0887379422975f237d43d8839b751a6bcf154",[79,85],[87],[],{"date":118,"score":75,"percentile":119},"2026-06-03",0.03464,[121,124,127,130,133,136,138,140,143,146,149,152,155,158,161,165,168,171,174,177,180,183,186,189,192,195,198,201,204,207,210,212,215,217,220,222,225,228,231,234,237,239,242,245,248,251,254,257,260,263,266,269,272,275,278,281,283,286,289,292,295,298,301,303,306,309,312,315,318,321,323,325,328,331,333,336,338,341,344,347,350,353,355,357,359,361,363,366,368,371],{"date":122,"score":75,"percentile":123},"2025-11-04",0.02248,{"date":125,"score":75,"percentile":126},"2025-11-05",0.02276,{"date":128,"score":75,"percentile":129},"2025-11-06",0.02299,{"date":131,"score":75,"percentile":132},"2025-11-07",0.02312,{"date":134,"score":75,"percentile":135},"2025-11-08",0.02326,{"date":137,"score":75,"percentile":135},"2025-11-09",{"date":139,"score":75,"percentile":129},"2025-11-10",{"date":141,"score":75,"percentile":142},"2025-11-11",0.02311,{"date":144,"score":75,"percentile":145},"2025-11-12",0.0232,{"date":147,"score":75,"percentile":148},"2025-11-13",0.02352,{"date":150,"score":75,"percentile":151},"2025-11-14",0.02368,{"date":153,"score":75,"percentile":154},"2025-11-15",0.02393,{"date":156,"score":75,"percentile":157},"2025-11-16",0.02394,{"date":159,"score":75,"percentile":160},"2025-11-17",0.02379,{"date":162,"score":163,"percentile":164},"2025-11-18",0.00121,0.26354,{"date":166,"score":163,"percentile":167},"2025-11-19",0.26376,{"date":169,"score":163,"percentile":170},"2025-11-20",0.26382,{"date":172,"score":75,"percentile":173},"2025-11-21",0.02448,{"date":175,"score":75,"percentile":176},"2025-11-22",0.02446,{"date":178,"score":75,"percentile":179},"2025-11-23",0.02438,{"date":181,"score":75,"percentile":182},"2025-11-24",0.02425,{"date":184,"score":75,"percentile":185},"2025-11-25",0.02407,{"date":187,"score":75,"percentile":188},"2025-11-26",0.02395,{"date":190,"score":75,"percentile":191},"2025-11-27",0.0239,{"date":193,"score":75,"percentile":194},"2025-11-28",0.02392,{"date":196,"score":75,"percentile":197},"2025-11-29",0.02441,{"date":199,"score":75,"percentile":200},"2025-11-30",0.0244,{"date":202,"score":75,"percentile":203},"2025-12-01",0.02496,{"date":205,"score":75,"percentile":206},"2025-12-02",0.02489,{"date":208,"score":75,"percentile":209},"2025-12-03",0.0249,{"date":211,"score":75,"percentile":182},"2025-12-04",{"date":213,"score":75,"percentile":214},"2025-12-05",0.02439,{"date":216,"score":75,"percentile":173},"2025-12-06",{"date":218,"score":75,"percentile":219},"2025-12-07",0.02453,{"date":221,"score":75,"percentile":173},"2025-12-08",{"date":223,"score":75,"percentile":224},"2025-12-09",0.02466,{"date":226,"score":75,"percentile":227},"2025-12-10",0.02491,{"date":229,"score":75,"percentile":230},"2025-12-11",0.025,{"date":232,"score":75,"percentile":233},"2025-12-12",0.02514,{"date":235,"score":75,"percentile":236},"2025-12-13",0.02498,{"date":238,"score":75,"percentile":230},"2025-12-14",{"date":240,"score":75,"percentile":241},"2025-12-15",0.02492,{"date":243,"score":75,"percentile":244},"2025-12-16",0.02488,{"date":246,"score":75,"percentile":247},"2025-12-17",0.02504,{"date":249,"score":75,"percentile":250},"2025-12-18",0.02511,{"date":252,"score":75,"percentile":253},"2025-12-19",0.02519,{"date":255,"score":75,"percentile":256},"2025-12-20",0.02516,{"date":258,"score":75,"percentile":259},"2025-12-21",0.02523,{"date":261,"score":75,"percentile":262},"2025-12-22",0.02521,{"date":264,"score":75,"percentile":265},"2025-12-23",0.02528,{"date":267,"score":75,"percentile":268},"2025-12-24",0.02532,{"date":270,"score":75,"percentile":271},"2025-12-25",0.02539,{"date":273,"score":75,"percentile":274},"2025-12-26",0.02542,{"date":276,"score":75,"percentile":277},"2025-12-27",0.0253,{"date":279,"score":75,"percentile":280},"2025-12-28",0.0254,{"date":282,"score":75,"percentile":277},"2025-12-29",{"date":284,"score":75,"percentile":285},"2025-12-30",0.02527,{"date":287,"score":75,"percentile":288},"2025-12-31",0.02513,{"date":290,"score":75,"percentile":291},"2026-01-01",0.02579,{"date":293,"score":75,"percentile":294},"2026-01-02",0.02582,{"date":296,"score":75,"percentile":297},"2026-01-03",0.02581,{"date":299,"score":75,"percentile":300},"2026-01-04",0.02509,{"date":302,"score":75,"percentile":233},"2026-01-05",{"date":304,"score":75,"percentile":305},"2026-01-06",0.02502,{"date":307,"score":75,"percentile":308},"2026-01-07",0.0252,{"date":310,"score":75,"percentile":311},"2026-01-08",0.02545,{"date":313,"score":75,"percentile":314},"2026-01-09",0.0256,{"date":316,"score":75,"percentile":317},"2026-01-10",0.02568,{"date":319,"score":75,"percentile":320},"2026-01-11",0.0255,{"date":322,"score":75,"percentile":300},"2026-01-12",{"date":324,"score":75,"percentile":230},"2026-01-13",{"date":326,"score":75,"percentile":327},"2026-01-14",0.02501,{"date":329,"score":75,"percentile":330},"2026-01-15",0.02493,{"date":332,"score":75,"percentile":227},"2026-01-16",{"date":334,"score":75,"percentile":335},"2026-01-17",0.02495,{"date":337,"score":75,"percentile":230},"2026-01-18",{"date":339,"score":75,"percentile":340},"2026-01-19",0.02487,{"date":342,"score":75,"percentile":343},"2026-01-20",0.02474,{"date":345,"score":75,"percentile":346},"2026-01-21",0.02467,{"date":348,"score":75,"percentile":349},"2026-01-22",0.02464,{"date":351,"score":75,"percentile":352},"2026-01-23",0.02472,{"date":354,"score":75,"percentile":335},"2026-01-24",{"date":356,"score":75,"percentile":227},"2026-01-25",{"date":358,"score":75,"percentile":340},"2026-01-26",{"date":360,"score":75,"percentile":340},"2026-01-27",{"date":362,"score":75,"percentile":209},"2026-01-28",{"date":364,"score":75,"percentile":365},"2026-01-29",0.02512,{"date":367,"score":75,"percentile":262},"2026-01-30",{"date":369,"score":75,"percentile":370},"2026-01-31",0.02543,{"date":372,"score":75,"percentile":373},"2026-02-01",0.02606,[375,380],{"source":79,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":376,"cvss_v4_0":9},{"baseScore":77,"baseSeverity":377,"vectorString":80,"impactScore":378,"exploitabilityScore":379},"MEDIUM",6,4.6,{"source":85,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":381,"cvss_v4_0":9},{"baseScore":77,"baseSeverity":377,"vectorString":80,"impactScore":378,"exploitabilityScore":379},[383,418],{"ecosystem":9,"name":384,"vendor":385,"product":385,"cpe_part":386,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":387},"Linux","linux","a",[388,395,398,401,404,407,410,413,416],{"version":389,"is_range":390,"range_type":79,"version_start":391,"version_start_type":392,"version_end":393,"version_end_type":394,"fixed_in":9},">= 5e33f6fdf735cda1d4580fe6f1878da05718fe73, \u003C f976dd7011150244a7ba820f2c331e9fb253befa",true,"5e33f6fdf735cda1d4580fe6f1878da05718fe73","including","f976dd7011150244a7ba820f2c331e9fb253befa","excluding",{"version":396,"is_range":390,"range_type":79,"version_start":391,"version_start_type":392,"version_end":397,"version_end_type":394,"fixed_in":9},">= 5e33f6fdf735cda1d4580fe6f1878da05718fe73, \u003C cc8c8028c21b2a3842a1e98e99e55028df275919","cc8c8028c21b2a3842a1e98e99e55028df275919",{"version":399,"is_range":390,"range_type":79,"version_start":391,"version_start_type":392,"version_end":400,"version_end_type":394,"fixed_in":9},">= 5e33f6fdf735cda1d4580fe6f1878da05718fe73, \u003C 52500239e3f2d6fc77b6f58632a9fb98fe74ac09","52500239e3f2d6fc77b6f58632a9fb98fe74ac09",{"version":402,"is_range":390,"range_type":79,"version_start":391,"version_start_type":392,"version_end":403,"version_end_type":394,"fixed_in":9},">= 5e33f6fdf735cda1d4580fe6f1878da05718fe73, \u003C 33f6a0cbb7772146e1c11f38028fffbfed14728b","33f6a0cbb7772146e1c11f38028fffbfed14728b",{"version":405,"is_range":390,"range_type":79,"version_start":391,"version_start_type":392,"version_end":406,"version_end_type":394,"fixed_in":9},">= 5e33f6fdf735cda1d4580fe6f1878da05718fe73, \u003C 240fc586e83d645912accce081a48aa63a45f6ee","240fc586e83d645912accce081a48aa63a45f6ee",{"version":408,"is_range":390,"range_type":79,"version_start":391,"version_start_type":392,"version_end":409,"version_end_type":394,"fixed_in":9},">= 5e33f6fdf735cda1d4580fe6f1878da05718fe73, \u003C 1c4ace3e6b8575745c50dca9e76e0021e697d645","1c4ace3e6b8575745c50dca9e76e0021e697d645",{"version":411,"is_range":390,"range_type":79,"version_start":391,"version_start_type":392,"version_end":412,"version_end_type":394,"fixed_in":9},">= 5e33f6fdf735cda1d4580fe6f1878da05718fe73, \u003C ebef2aa29f370b5096c16020c104e393192ef684","ebef2aa29f370b5096c16020c104e393192ef684",{"version":414,"is_range":390,"range_type":79,"version_start":391,"version_start_type":392,"version_end":415,"version_end_type":394,"fixed_in":9},">= 5e33f6fdf735cda1d4580fe6f1878da05718fe73, \u003C b1e0887379422975f237d43d8839b751a6bcf154","b1e0887379422975f237d43d8839b751a6bcf154",{"version":417,"is_range":73,"range_type":79,"version_start":417,"version_start_type":392,"version_end":417,"version_end_type":392,"fixed_in":9},"4.0",{"ecosystem":9,"name":419,"vendor":385,"product":420,"cpe_part":421,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":422},"linux kernel","linux_kernel","o",[423,428,432,436,440,444,448],{"version":424,"is_range":390,"range_type":425,"version_start":426,"version_start_type":392,"version_end":427,"version_end_type":394,"fixed_in":9},"gte4.0.0_lt4.4.298","cpe","4.0.0","4.4.298",{"version":429,"is_range":390,"range_type":425,"version_start":430,"version_start_type":392,"version_end":431,"version_end_type":394,"fixed_in":9},"gte4.5.0_lt4.9.296","4.5.0","4.9.296",{"version":433,"is_range":390,"range_type":425,"version_start":434,"version_start_type":392,"version_end":435,"version_end_type":394,"fixed_in":9},"gte4.10.0_lt4.14.261","4.10.0","4.14.261",{"version":437,"is_range":390,"range_type":425,"version_start":438,"version_start_type":392,"version_end":439,"version_end_type":394,"fixed_in":9},"gte4.15.0_lt4.19.224","4.15.0","4.19.224",{"version":441,"is_range":390,"range_type":425,"version_start":442,"version_start_type":392,"version_end":443,"version_end_type":394,"fixed_in":9},"gte4.20.0_lt5.4.170","4.20.0","5.4.170",{"version":445,"is_range":390,"range_type":425,"version_start":446,"version_start_type":392,"version_end":447,"version_end_type":394,"fixed_in":9},"gte5.5.0_lt5.10.90","5.5.0","5.10.90",{"version":449,"is_range":390,"range_type":425,"version_start":450,"version_start_type":392,"version_end":451,"version_end_type":394,"fixed_in":9},"gte5.11.0_lt5.15.13","5.11.0","5.15.13"]