CVE-2021-47609

2024-06-1915:15:55

416baaa9-dc9f-4396-8d5f-8c081fb06d67

web.nvd.nist.gov

linux kernel

firmware

vulnerability

fix

arm_scpi

string overflow

scpi genpd driver

buffer overflow

device tree node

devm_kasprintf

dynamically allocated buffer

7.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.4%

JSON

In the Linux kernel, the following vulnerability has been resolved:

firmware: arm_scpi: Fix string overflow in SCPI genpd driver

Without the bound checks for scpi_pd->name, it could result in the buffer
overflow when copying the SCPI device name from the corresponding device
tree node as the name string is set at maximum size of 30.

Let us fix it by using devm_kasprintf so that the string buffer is
allocated dynamically.

Affected configurations

Vulners

Node

linuxlinux_kernelRange4.8–4.9.294

linuxlinux_kernelRange4.10.0–4.14.259

linuxlinux_kernelRange4.15.0–4.19.222

linuxlinux_kernelRange4.20.0–5.4.168

linuxlinux_kernelRange5.5.0–5.10.88

linuxlinux_kernelRange5.11.0–5.15.11

linuxlinux_kernelRange5.16.0≥

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/firmware/scpi_pm_domain.c"
    ],
    "versions": [
      {
        "version": "8bec4337ad40",
        "lessThan": "639901b9429a",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "8bec4337ad40",
        "lessThan": "4694b1ec425a",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "8bec4337ad40",
        "lessThan": "7e8645ca2c00",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "8bec4337ad40",
        "lessThan": "802a1a850156",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "8bec4337ad40",
        "lessThan": "f0f484714f35",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "8bec4337ad40",
        "lessThan": "976389cbb16c",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "8bec4337ad40",
        "lessThan": "865ed67ab955",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/firmware/scpi_pm_domain.c"
    ],
    "versions": [
      {
        "version": "4.8",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "4.8",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "4.9.294",
        "lessThanOrEqual": "4.9.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "4.14.259",
        "lessThanOrEqual": "4.14.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "4.19.222",
        "lessThanOrEqual": "4.19.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.4.168",
        "lessThanOrEqual": "5.4.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.10.88",
        "lessThanOrEqual": "5.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.15.11",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.16",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]