CVE-2021-46917: dmaengine: idxd: fix wq cleanup of WQCFG registers
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: idxd: fix wq cleanup of WQCFG registers
A pre-release silicon erratum workaround where wq reset does not clear
WQCFG registers was leaked into upstream code. Use wq reset command
instead of blasting the MMIO region. This also address an issue where
we clobber registers in future devices.
Security readout for executives and security teams
Plain-English summary
This Linux kernel issue concerns cleanup of idxd work queue configuration registers. The upstream code kept a pre-release hardware workaround that could write across an MMIO region and affect registers on future devices. The business risk is unclear because no CVSS score, CWE, impact statement, or exploitation evidence is provided.
Executive priority
Treat this as a normal kernel maintenance item unless your environment depends on affected idxd hardware paths. There is no cited exploitation evidence, but kernel register-handling defects should not remain untracked on production systems.
Technical view
CVE-2021-46917 is fixed by changing idxd work queue cleanup to use the work queue reset command instead of manually clearing WQCFG MMIO registers. Sources state the previous behavior came from a pre-release silicon erratum workaround and could clobber registers in future devices.
Likely exposure
Exposure appears limited to Linux systems running affected kernel versions with the dmaengine idxd driver path relevant. The source lists affected Linux kernel versions including 5.8, 5.10.32, 5.11.16, and 5.12, but does not provide distribution package mappings.
Exploitation context
The source bundle marks this CVE as not in KEV and provides no public exploitation claim. The available description is a kernel correctness and hardware-register handling fix, not evidence of active exploitation or a documented attack path.
Researcher notes
Evidence is sparse: no CVSS, CWE, privilege requirement, crash impact, or exploitability analysis is included. The strongest source detail is the upstream fix rationale: replace manual WQCFG MMIO clearing with a work queue reset to avoid clobbering registers.
Mitigation direction
Update affected Linux kernels through trusted vendor or distribution channels.
Confirm the update includes one of the referenced stable kernel fixes.
Prioritize systems where the idxd dmaengine driver is enabled or relevant.
Monitor Linux and distribution advisories for impact or backport clarification.
Validation and detection
Inventory Linux kernel versions across servers and appliances.
Check vendor kernel changelogs for CVE-2021-46917 or referenced commit IDs.
Identify whether the idxd dmaengine driver is present or loaded.
Record exceptions where vendor backports fix the issue without version changes.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2021-46917 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.