In the Linux kernel, the following vulnerability has been resolved:

io_uring: fix overflows checks in provide buffers

Colin reported before possible overflow and sign extension problems in io_provide_buffers_prep(). As Linus pointed out previous attempt did nothing useful, see d81269fecb8ce (“io_uring: fix provide_buffers sign extension”).

Do that with help of check_<op>_overflow helpers. And fix struct io_provide_buf::len type, as it doesn’t make much sense to keep it signed.
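
The two problems named in the commit message, shown as a user-space model. This is an added example, not the kernel patch: the function names `unchecked_size` and `checked_range` are hypothetical, and the GCC/Clang builtins stand in for the kernel's check_<op>_overflow helpers.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Model of the weak pattern: a signed 32-bit length is widened to 64 bits
 * and multiplied without a check. A negative value sign-extends, and the
 * product wraps silently into a huge bogus size. */
static uint64_t unchecked_size(int32_t len, uint16_t nbufs)
{
    return (uint64_t)(int64_t)len * nbufs;
}

/* Hardened pattern: unsigned length, both arithmetic steps checked.
 * Returns 0 and stores len * nbufs in *size, or -EOVERFLOW. */
static int checked_range(uint64_t addr, uint32_t len, uint16_t nbufs,
                         uint64_t *size)
{
    uint64_t end;

    /* Cannot fire with 64-bit operands as modelled here; it matters
     * where the native word (unsigned long) is only 32 bits wide. */
    if (__builtin_mul_overflow((uint64_t)len, (uint64_t)nbufs, size))
        return -EOVERFLOW;
    /* Reject a range whose end address wraps around zero. */
    if (__builtin_add_overflow(addr, *size, &end))
        return -EOVERFLOW;
    return 0;
}

int main(void)
{
    uint64_t size = 0;
    int rc;

    /* Constructed inputs: 0x80000000 read into a signed field is INT32_MIN. */
    printf("signed len, unchecked: size=0x%llx\n",
           (unsigned long long)unchecked_size(INT32_MIN, 2));

    rc = checked_range(0x1000, 0x80000000u, 2, &size);
    printf("unsigned len, checked: rc=%d size=0x%llx\n",
           rc, (unsigned long long)size);

    rc = checked_range(0xFFFFFFFFFFFFF000ULL, 0x1000, 1, &size);
    printf("range wraps address space: rc=%d\n", rc);
    return 0;
}
```
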
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 23.10 | noarch | linux | < any | UNKNOWN |
ubuntu | 24.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 14.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < any | UNKNOWN |
git.kernel.org/linus/38134ada0ceea3e848fe993263c0ff6207fd46e7 (5.13-rc1)
git.kernel.org/stable/c/38134ada0ceea3e848fe993263c0ff6207fd46e7
git.kernel.org/stable/c/51bf90901952aaac564bbdb36b2b503050c53dd9
git.kernel.org/stable/c/84b8c266c4bfe9ed5128e13253c388deb74b1b03
git.kernel.org/stable/c/cbbc13b115b8f18e0a714d89f87fbdc499acfe2d
launchpad.net/bugs/cve/CVE-2021-47040
nvd.nist.gov/vuln/detail/CVE-2021-47040
security-tracker.debian.org/tracker/CVE-2021-47040
www.cve.org/CVERecord?id=CVE-2021-47040