CVE-2021-47580

2024-06-1900:00:00

ubuntu.com

linux kernel

scsi_debug

stack out of bounds

min_t()

u32

memcpy

kasan

red hat kvm

bios

cve-2021-47580

AI Score

6.6

Confidence

High

JSON

In the Linux kernel, the following vulnerability has been resolved: scsi:
scsi_debug: Fix type in min_t to avoid stack OOB Change min_t() to use type
“u32” instead of type “int” to avoid stack out of bounds. With min_t() type
“int” the values get sign extended and the larger value gets used causing
stack out of bounds. BUG: KASAN: stack-out-of-bounds in memcpy
include/linux/fortify-string.h:191 [inline] BUG: KASAN: stack-out-of-bounds
in sg_copy_buffer+0x1de/0x240 lib/scatterlist.c:976 Read of size 127 at
addr ffff888072607128 by task syz-executor.7/18707 CPU: 1 PID: 18707 Comm:
syz-executor.7 Not tainted 5.15.0-syzk #1 Hardware name: Red Hat KVM, BIOS
1.13.0-2 Call Trace: __dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x89/0xb5 lib/dump_stack.c:106
print_address_description.constprop.9+0x28/0x160 mm/kasan/report.c:256
__kasan_report mm/kasan/report.c:442 [inline]
kasan_report.cold.14+0x7d/0x117 mm/kasan/report.c:459 check_region_inline
mm/kasan/generic.c:183 [inline] kasan_check_range+0x1a3/0x210
mm/kasan/generic.c:189 memcpy+0x23/0x60 mm/kasan/shadow.c:65 memcpy
include/linux/fortify-string.h:191 [inline] sg_copy_buffer+0x1de/0x240
lib/scatterlist.c:976 sg_copy_from_buffer+0x33/0x40 lib/scatterlist.c:1000
fill_from_dev_buffer.part.34+0x82/0x130 drivers/scsi/scsi_debug.c:1162
fill_from_dev_buffer drivers/scsi/scsi_debug.c:1888 [inline]
resp_readcap16+0x365/0x3b0 drivers/scsi/scsi_debug.c:1887
schedule_resp+0x4d8/0x1a70 drivers/scsi/scsi_debug.c:5478
scsi_debug_queuecommand+0x8c9/0x1ec0 drivers/scsi/scsi_debug.c:7533
scsi_dispatch_cmd drivers/scsi/scsi_lib.c:1520 [inline]
scsi_queue_rq+0x16b0/0x2d40 drivers/scsi/scsi_lib.c:1699
blk_mq_dispatch_rq_list+0xb9b/0x2700 block/blk-mq.c:1639
__blk_mq_sched_dispatch_requests+0x28f/0x590 block/blk-mq-sched.c:325
blk_mq_sched_dispatch_requests+0x105/0x190 block/blk-mq-sched.c:358
__blk_mq_run_hw_queue+0xe5/0x150 block/blk-mq.c:1761
__blk_mq_delay_run_hw_queue+0x4f8/0x5c0 block/blk-mq.c:1838
blk_mq_run_hw_queue+0x18d/0x350 block/blk-mq.c:1891
blk_mq_sched_insert_request+0x3db/0x4e0 block/blk-mq-sched.c:474
blk_execute_rq_nowait+0x16b/0x1c0 block/blk-exec.c:62
sg_common_write.isra.18+0xeb3/0x2000 drivers/scsi/sg.c:836
sg_new_write.isra.19+0x570/0x8c0 drivers/scsi/sg.c:774
sg_ioctl_common+0x14d6/0x2710 drivers/scsi/sg.c:939 sg_ioctl+0xa2/0x180
drivers/scsi/sg.c:1165 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl
fs/ioctl.c:874 [inline] __se_sys_ioctl fs/ioctl.c:860 [inline]
__x64_sys_ioctl+0x19d/0x220 fs/ioctl.c:860 do_syscall_x64
arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3a/0x80
arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae

OSVersionArchitecturePackageVersionFilename
ubuntu20.04noarchlinux< anyUNKNOWN
ubuntu20.04noarchlinux-aws< anyUNKNOWN
ubuntu20.04noarchlinux-azure< anyUNKNOWN
ubuntu20.04noarchlinux-bluefield< anyUNKNOWN
ubuntu20.04noarchlinux-gcp< anyUNKNOWN
ubuntu20.04noarchlinux-gkeop< anyUNKNOWN
ubuntu20.04noarchlinux-ibm< anyUNKNOWN
ubuntu20.04noarchlinux-iot< anyUNKNOWN
ubuntu20.04noarchlinux-kvm< anyUNKNOWN
ubuntu20.04noarchlinux-oracle< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	20.04	noarch	linux	< any	UNKNOWN
ubuntu	20.04	noarch	linux-aws	< any	UNKNOWN
ubuntu	20.04	noarch	linux-azure	< any	UNKNOWN
ubuntu	20.04	noarch	linux-bluefield	< any	UNKNOWN
ubuntu	20.04	noarch	linux-gcp	< any	UNKNOWN
ubuntu	20.04	noarch	linux-gkeop	< any	UNKNOWN
ubuntu	20.04	noarch	linux-ibm	< any	UNKNOWN
ubuntu	20.04	noarch	linux-iot	< any	UNKNOWN
ubuntu	20.04	noarch	linux-kvm	< any	UNKNOWN
ubuntu	20.04	noarch	linux-oracle	< any	UNKNOWN