| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024052236-CVE-2021-47477-955e@gregkh> Date: Wed, 22 May 2024 10:19:37 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2021-47477: comedi: dt9812: fix DMA buffers on stack Description =========== In the Linux kernel, the following vulnerability has been resolved: comedi: dt9812: fix DMA buffers on stack USB transfer buffers are typically mapped for DMA and must not be allocated on the stack or transfers will fail. Allocate proper transfer buffers in the various command helpers and return an error on short transfers instead of acting on random stack data. Note that this also fixes a stack info leak on systems where DMA is not used as 32 bytes are always sent to the device regardless of how short the command is. The Linux kernel CVE team has assigned CVE-2021-47477 to this issue. Affected and fixed versions =========================== Issue introduced in 2.6.29 with commit 63274cd7d38a and fixed in 4.4.292 with commit a6af69768d5c Issue introduced in 2.6.29 with commit 63274cd7d38a and fixed in 4.9.290 with commit 365a346cda82 Issue introduced in 2.6.29 with commit 63274cd7d38a and fixed in 4.14.255 with commit 8a52bc480992 Issue introduced in 2.6.29 with commit 63274cd7d38a and fixed in 4.19.217 with commit 39ea61037ae7 Issue introduced in 2.6.29 with commit 63274cd7d38a and fixed in 5.4.159 with commit 3efb7af8ac43 Issue introduced in 2.6.29 with commit 63274cd7d38a and fixed in 5.10.79 with commit 786f5b034504 Issue introduced in 2.6.29 with commit 63274cd7d38a and fixed in 5.14.18 with commit 3ac273d154d6 Issue introduced in 2.6.29 with commit 63274cd7d38a and fixed in 5.15.2 with commit 20cebb8b620d Issue introduced in 2.6.29 with commit 63274cd7d38a and fixed in 5.16 with commit 536de747bc48 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2021-47477 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/comedi/drivers/dt9812.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/a6af69768d5cb4b2528946d53be5fa19ade37723 https://git.kernel.org/stable/c/365a346cda82f51d835c49136a00a9df8a78c7f2 https://git.kernel.org/stable/c/8a52bc480992c7c9da3ebfea456af731f50a4b97 https://git.kernel.org/stable/c/39ea61037ae78f14fa121228dd962ea3280eacf3 https://git.kernel.org/stable/c/3efb7af8ac437085b6c776e5b54830b149d86efe https://git.kernel.org/stable/c/786f5b03450454557ff858a8bead5d7c0cbf78d6 https://git.kernel.org/stable/c/3ac273d154d634e2034508a14db82a95d7ad12ed https://git.kernel.org/stable/c/20cebb8b620dc987e55ddc46801de986e081757e https://git.kernel.org/stable/c/536de747bc48262225889a533db6650731ab25d3
Powered by blists - more mailing lists