| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025022647-CVE-2021-47642-ae1b@gregkh> Date: Wed, 26 Feb 2025 02:53:53 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2021-47642: video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow Description =========== In the Linux kernel, the following vulnerability has been resolved: video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow Coverity complains of a possible buffer overflow. However, given the 'static' scope of nvidia_setup_i2c_bus() it looks like that can't happen after examiniing the call sites. CID 19036 (#1 of 1): Copy into fixed size buffer (STRING_OVERFLOW) 1. fixed_size_dest: You might overrun the 48-character fixed-size string chan->adapter.name by copying name without checking the length. 2. parameter_as_source: Note: This defect has an elevated risk because the source argument is a parameter of the current function. 89 strcpy(chan->adapter.name, name); Fix this warning by using strscpy() which will silence the warning and prevent any future buffer overflows should the names used to identify the channel become much longer. The Linux kernel CVE team has assigned CVE-2021-47642 to this issue. Affected and fixed versions =========================== Fixed in 4.9.311 with commit 47e5533adf118afaf06d25a3e2aaaab89371b1c5 Fixed in 4.14.276 with commit 580e5d3815474b8349250c25c16416585a72c7fe Fixed in 4.19.238 with commit 72dd5c46a152136712a55bf026a9aa8c1b12b60d Fixed in 5.4.189 with commit 055cdd2e7b992921424d4daaa285ced787fb205f Fixed in 5.10.110 with commit 08dff482012758935c185532b1ad7d584785a86e Fixed in 5.15.33 with commit 9ff2f7294ab0f011cd4d1b7dcd9a07d8fdf72834 Fixed in 5.16.19 with commit 6a5226e544ac043bb2d8dc1bfe8920d02282f7cd Fixed in 5.17.2 with commit 41baa86b6c802cdc6ab8ff2d46c083c9be93de81 Fixed in 5.18 with commit 37a1a2e6eeeb101285cd34e12e48a881524701aa Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2021-47642 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/video/fbdev/nvidia/nv_i2c.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/47e5533adf118afaf06d25a3e2aaaab89371b1c5 https://git.kernel.org/stable/c/580e5d3815474b8349250c25c16416585a72c7fe https://git.kernel.org/stable/c/72dd5c46a152136712a55bf026a9aa8c1b12b60d https://git.kernel.org/stable/c/055cdd2e7b992921424d4daaa285ced787fb205f https://git.kernel.org/stable/c/08dff482012758935c185532b1ad7d584785a86e https://git.kernel.org/stable/c/9ff2f7294ab0f011cd4d1b7dcd9a07d8fdf72834 https://git.kernel.org/stable/c/6a5226e544ac043bb2d8dc1bfe8920d02282f7cd https://git.kernel.org/stable/c/41baa86b6c802cdc6ab8ff2d46c083c9be93de81 https://git.kernel.org/stable/c/37a1a2e6eeeb101285cd34e12e48a881524701aa
Powered by blists - more mailing lists