Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistLinuxCVELIST:CVE-2021-47339
HistoryMay 21, 2024 - 2:35 p.m.

CVE-2021-47339 media: v4l2-core: explicitly clear ioctl input data

2024-05-2114:35:47
Linux
www.cve.org
7
linux kernel
vulnerability
fix
uninitialized kernel stack data
driver ioctl handlers
information leak
ioctl buffer

AI Score

6.2

Confidence

Low

EPSS

0

Percentile

15.5%

JSON

In the Linux kernel, the following vulnerability has been resolved:

media: v4l2-core: explicitly clear ioctl input data

As seen from a recent syzbot bug report, mistakes in the compat ioctl
implementation can lead to uninitialized kernel stack data getting used
as input for driver ioctl handlers.

The reported bug is now fixed, but it’s possible that other related
bugs are still present or get added in the future. As the drivers need
to check user input already, the possible impact is fairly low, but it
might still cause an information leak.

To be on the safe side, always clear the entire ioctl buffer before
calling the conversion handler functions that are meant to initialize
them.

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/media/v4l2-core/v4l2-ioctl.c"
    ],
    "versions": [
      {
        "version": "1da177e4c3f4",
        "lessThan": "dc02c0b2bd60",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "bfb48b54db25",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "1da177e4c3f4",
        "lessThan": "7b53cca764f9",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/media/v4l2-core/v4l2-ioctl.c"
    ],
    "versions": [
      {
        "version": "5.12.18",
        "lessThanOrEqual": "5.12.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.13.3",
        "lessThanOrEqual": "5.13.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.14",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Related

redhatcve 1
nvd 1
osv 1
debiancve 1
vulnrichment 1
ubuntucve 1
cve 1
redhatcve
redhatcve
CVE-2021-47339
2024-05-22 11:58:24
nvd
nvd
CVE-2021-47339
2024-05-21 15:15:20
osv
osv
CVE-2021-47339
2024-05-21 15:15:00
debiancve
debiancve
CVE-2021-47339
2024-05-21 15:15:20
vulnrichment
vulnrichment
CVE-2021-47339 media: v4l2-core: explicitly clear ioctl input data
2024-05-21 14:35:47
ubuntucve
ubuntucve
CVE-2021-47339
2024-05-21 00:00:00
cve
cve
CVE-2021-47339
2024-05-21 15:15:20

AI Score

6.2

Confidence

Low

EPSS

0

Percentile

15.5%

JSON
Related for CVELIST:CVE-2021-47339
redhatcve1nvd1osv1debiancve1vulnrichment1ubuntucve1cve1