fkie_cve-2021-47649
Vulnerability from fkie_nvd
Published
2025-02-26 06:37
Modified
2025-02-26 06:37
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
udmabuf: validate ubuf->pagecount
Syzbot has reported GPF in sg_alloc_append_table_from_pages(). The
problem was in ubuf->pages == ZERO_PTR.
ubuf->pagecount is calculated from arguments passed from user-space. If
user creates udmabuf with list.size == 0 then ubuf->pagecount will be
also equal to zero; it causes kmalloc_array() to return ZERO_PTR.
Fix it by validating ubuf->pagecount before passing it to
kmalloc_array().
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nudmabuf: validate ubuf-\u003epagecount\n\nSyzbot has reported GPF in sg_alloc_append_table_from_pages(). The\nproblem was in ubuf-\u003epages == ZERO_PTR.\n\nubuf-\u003epagecount is calculated from arguments passed from user-space. If\nuser creates udmabuf with list.size == 0 then ubuf-\u003epagecount will be\nalso equal to zero; it causes kmalloc_array() to return ZERO_PTR.\n\nFix it by validating ubuf-\u003epagecount before passing it to\nkmalloc_array()."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: udmabuf: validar ubuf-\u0026gt;pagecount Syzbot ha informado de un GPF en sg_alloc_append_table_from_pages(). El problema estaba en ubuf-\u0026gt;pages == ZERO_PTR. ubuf-\u0026gt;pagecount se calcula a partir de los argumentos pasados desde el espacio de usuario. Si el usuario crea udmabuf con list.size == 0, entonces ubuf-\u0026gt;pagecount tambi\u00e9n ser\u00e1 igual a cero; esto hace que kmalloc_array() devuelva ZERO_PTR. Arr\u00e9glelo validando ubuf-\u0026gt;pagecount antes de pasarlo a kmalloc_array()."
}
],
"id": "CVE-2021-47649",
"lastModified": "2025-02-26T06:37:06.687",
"metrics": {},
"published": "2025-02-26T06:37:06.687",
"references": [
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/2b6dd600dd72573c23ea180b5b0b2f1813405882"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/5d50f851dd307c07ca5591297093f19967c834a9"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/811b667cefbea9cb7511a874b169d6a92907137e"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/9e9b4a269f84d3230f2af84ff42322db676440d9"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/a3728d32fc61eb0fe283cb8ff60b2c8f751e2202"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/b267a8118c2b171bf7d67b90ed64154eeab9fae0"
}
],
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Awaiting Analysis"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…