Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd416baaa9-dc9f-4396-8d5f-8c081fb06d67NVD:CVE-2021-47219
HistoryApr 10, 2024 - 7:15 p.m.

CVE-2021-47219

2024-04-1019:15:48
416baaa9-dc9f-4396-8d5f-8c081fb06d67
web.nvd.nist.gov
2
linux kernel
scsi_debug
out-of-bound read
vulnerability
resolved

7.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

In the Linux kernel, the following vulnerability has been resolved:

scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs()

The following issue was observed running syzkaller:

BUG: KASAN: slab-out-of-bounds in memcpy include/linux/string.h:377 [inline]
BUG: KASAN: slab-out-of-bounds in sg_copy_buffer+0x150/0x1c0 lib/scatterlist.c:831
Read of size 2132 at addr ffff8880aea95dc8 by task syz-executor.0/9815

CPU: 0 PID: 9815 Comm: syz-executor.0 Not tainted 4.19.202-00874-gfc0fe04215a9 #2
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0xe4/0x14a lib/dump_stack.c:118
print_address_description+0x73/0x280 mm/kasan/report.c:253
kasan_report_error mm/kasan/report.c:352 [inline]
kasan_report+0x272/0x370 mm/kasan/report.c:410
memcpy+0x1f/0x50 mm/kasan/kasan.c:302
memcpy include/linux/string.h:377 [inline]
sg_copy_buffer+0x150/0x1c0 lib/scatterlist.c:831
fill_from_dev_buffer+0x14f/0x340 drivers/scsi/scsi_debug.c:1021
resp_report_tgtpgs+0x5aa/0x770 drivers/scsi/scsi_debug.c:1772
schedule_resp+0x464/0x12f0 drivers/scsi/scsi_debug.c:4429
scsi_debug_queuecommand+0x467/0x1390 drivers/scsi/scsi_debug.c:5835
scsi_dispatch_cmd+0x3fc/0x9b0 drivers/scsi/scsi_lib.c:1896
scsi_request_fn+0x1042/0x1810 drivers/scsi/scsi_lib.c:2034
__blk_run_queue_uncond block/blk-core.c:464 [inline]
__blk_run_queue+0x1a4/0x380 block/blk-core.c:484
blk_execute_rq_nowait+0x1c2/0x2d0 block/blk-exec.c:78
sg_common_write.isra.19+0xd74/0x1dc0 drivers/scsi/sg.c:847
sg_write.part.23+0x6e0/0xd00 drivers/scsi/sg.c:716
sg_write+0x64/0xa0 drivers/scsi/sg.c:622
__vfs_write+0xed/0x690 fs/read_write.c:485
kill_bdev:block_device:00000000e138492c
vfs_write+0x184/0x4c0 fs/read_write.c:549
ksys_write+0x107/0x240 fs/read_write.c:599
do_syscall_64+0xc2/0x560 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe

We get ‘alen’ from command its type is int. If userspace passes a large
length we will get a negative ‘alen’.

Switch n, alen, and rlen to u32.

Related

ubuntucve 1
cvelist 1
redhatcve 1
vulnrichment 1
debiancve 1
cve 1
openvas 4
nessus 5
ubuntucve
ubuntucve
CVE-2021-47219
2024-04-10 00:00:00
cvelist
cvelist
CVE-2021-47219 scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs()
2024-04-10 19:01:57
redhatcve
redhatcve
CVE-2021-47219
2024-04-11 19:24:09
vulnrichment
vulnrichment
CVE-2021-47219 scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs()
2024-04-10 19:01:57
debiancve
debiancve
CVE-2021-47219
2024-04-10 19:15:48
cve
cve
CVE-2021-47219
2024-04-10 19:15:48
openvas
openvas
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2024:1647-1)
2024-05-24 00:00:00
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2024:1641-1)
2024-05-24 00:00:00
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2024:1644-1)
2024-05-24 00:00:00
nessus
nessus
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:1641-1)
2024-05-15 00:00:00
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1644-1)
2024-05-15 00:00:00
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1659-1)
2024-05-16 00:00:00

7.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON
Related for NVD:CVE-2021-47219
ubuntucve1cvelist1redhatcve1vulnrichment1debiancve1cve1openvas4nessus5