Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2021-47219
HistoryApr 10, 2024 - 12:00 a.m.

CVE-2021-47219

2024-04-1000:00:00
ubuntu.com
ubuntu.com
6
linux kernel scsi_debug
out-of-bound read
kasan bug
syzkaller
buffer overflow
qemu
hardware
vulnerability
memcpy
sg_copy_buffer
schedule_resp
scsi_debug_queuecommand
scsi_dispatch_cmd
blk_execute_rq_nowait
sg_common_write
vfs_write
ksys_write

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

In the Linux kernel, the following vulnerability has been resolved: scsi:
scsi_debug: Fix out-of-bound read in resp_report_tgtpgs() The following
issue was observed running syzkaller: BUG: KASAN: slab-out-of-bounds in
memcpy include/linux/string.h:377 [inline] BUG: KASAN: slab-out-of-bounds
in sg_copy_buffer+0x150/0x1c0 lib/scatterlist.c:831 Read of size 2132 at
addr ffff8880aea95dc8 by task syz-executor.0/9815 CPU: 0 PID: 9815 Comm:
syz-executor.0 Not tainted 4.19.202-00874-gfc0fe04215a9 #2 Hardware name:
QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0xe4/0x14a
lib/dump_stack.c:118 print_address_description+0x73/0x280
mm/kasan/report.c:253 kasan_report_error mm/kasan/report.c:352 [inline]
kasan_report+0x272/0x370 mm/kasan/report.c:410 memcpy+0x1f/0x50
mm/kasan/kasan.c:302 memcpy include/linux/string.h:377 [inline]
sg_copy_buffer+0x150/0x1c0 lib/scatterlist.c:831
fill_from_dev_buffer+0x14f/0x340 drivers/scsi/scsi_debug.c:1021
resp_report_tgtpgs+0x5aa/0x770 drivers/scsi/scsi_debug.c:1772
schedule_resp+0x464/0x12f0 drivers/scsi/scsi_debug.c:4429
scsi_debug_queuecommand+0x467/0x1390 drivers/scsi/scsi_debug.c:5835
scsi_dispatch_cmd+0x3fc/0x9b0 drivers/scsi/scsi_lib.c:1896
scsi_request_fn+0x1042/0x1810 drivers/scsi/scsi_lib.c:2034
__blk_run_queue_uncond block/blk-core.c:464 [inline]
__blk_run_queue+0x1a4/0x380 block/blk-core.c:484
blk_execute_rq_nowait+0x1c2/0x2d0 block/blk-exec.c:78
sg_common_write.isra.19+0xd74/0x1dc0 drivers/scsi/sg.c:847
sg_write.part.23+0x6e0/0xd00 drivers/scsi/sg.c:716 sg_write+0x64/0xa0
drivers/scsi/sg.c:622 __vfs_write+0xed/0x690 fs/read_write.c:485
kill_bdev:block_device:00000000e138492c vfs_write+0x184/0x4c0
fs/read_write.c:549 ksys_write+0x107/0x240 fs/read_write.c:599
do_syscall_64+0xc2/0x560 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe We get ‘alen’ from command its
type is int. If userspace passes a large length we will get a negative
‘alen’. Switch n, alen, and rlen to u32.

Related

cvelist 1
redhatcve 1
vulnrichment 1
debiancve 1
cve 1
nvd 1
nessus 5
openvas 4
cvelist
cvelist
CVE-2021-47219 scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs()
2024-04-10 19:01:57
redhatcve
redhatcve
CVE-2021-47219
2024-04-11 19:24:09
vulnrichment
vulnrichment
CVE-2021-47219 scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs()
2024-04-10 19:01:57
debiancve
debiancve
CVE-2021-47219
2024-04-10 19:15:48
cve
cve
CVE-2021-47219
2024-04-10 19:15:48
nvd
nvd
CVE-2021-47219
2024-04-10 19:15:48
nessus
nessus
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:1641-1)
2024-05-15 00:00:00
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1644-1)
2024-05-15 00:00:00
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:1659-1)
2024-05-16 00:00:00
openvas
openvas
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2024:1647-1)
2024-05-24 00:00:00
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2024:1641-1)
2024-05-24 00:00:00
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2024:1644-1)
2024-05-24 00:00:00

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON
Related for UB:CVE-2021-47219
cvelist1redhatcve1vulnrichment1debiancve1cve1nvd1nessus5openvas4