CVE-2021-4439

EPSS 0.02%
Published 20.06.2024 12:15:10
Last modified 21.11.2024 06:37:44
Source 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Open
Login

In the Linux kernel, the following vulnerability has been resolved:

isdn: cpai: check ctr->cnr to avoid array index out of bound

The cmtp_add_connection() would add a cmtp session to a controller
and run a kernel thread to process cmtp.

	__module_get(THIS_MODULE);
	session->task = kthread_run(cmtp_session, session, "kcmtpd_ctr_%d",
								session->num);

During this process, the kernel thread would call detach_capi_ctr()
to detach a register controller. if the controller
was not attached yet, detach_capi_ctr() would
trigger an array-index-out-bounds bug.

[   46.866069][ T6479] UBSAN: array-index-out-of-bounds in
drivers/isdn/capi/kcapi.c:483:21
[   46.867196][ T6479] index -1 is out of range for type 'capi_ctr *[32]'
[   46.867982][ T6479] CPU: 1 PID: 6479 Comm: kcmtpd_ctr_0 Not tainted
5.15.0-rc2+ #8
[   46.869002][ T6479] Hardware name: QEMU Standard PC (i440FX + PIIX,
1996), BIOS 1.14.0-2 04/01/2014
[   46.870107][ T6479] Call Trace:
[   46.870473][ T6479]  dump_stack_lvl+0x57/0x7d
[   46.870974][ T6479]  ubsan_epilogue+0x5/0x40
[   46.871458][ T6479]  __ubsan_handle_out_of_bounds.cold+0x43/0x48
[   46.872135][ T6479]  detach_capi_ctr+0x64/0xc0
[   46.872639][ T6479]  cmtp_session+0x5c8/0x5d0
[   46.873131][ T6479]  ? __init_waitqueue_head+0x60/0x60
[   46.873712][ T6479]  ? cmtp_add_msgpart+0x120/0x120
[   46.874256][ T6479]  kthread+0x147/0x170
[   46.874709][ T6479]  ? set_kthread_struct+0x40/0x40
[   46.875248][ T6479]  ret_from_fork+0x1f/0x30
[   46.875773][ T6479]

Affected products Warnungen 0 Metrics 2 CWE 1 References 11

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 4.4.290

Linux ≫ Linux Kernel Version >= 4.5 < 4.9.288

Linux ≫ Linux Kernel Version >= 4.10 < 4.14.253

Linux ≫ Linux Kernel Version >= 4.15 < 4.19.214

Linux ≫ Linux Kernel Version >= 4.20 < 5.4.156

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.76

Linux ≫ Linux Kernel Version >= 5.11 < 5.14.15

Linux ≫ Linux Kernel Version5.15 Updaterc1

Linux ≫ Linux Kernel Version5.15 Updaterc2

Linux ≫ Linux Kernel Version5.15 Updaterc3

Linux ≫ Linux Kernel Version5.15 Updaterc4

Linux ≫ Linux Kernel Version5.15 Updaterc5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.027

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

https://git.kernel.org/stable/c/1f3e2e97c003f80c4b087092b225c8787ff91e4d

Patch

https://git.kernel.org/stable/c/24219a977bfe3d658687e45615c70998acdbac5a

Patch

https://git.kernel.org/stable/c/285e9210b1fab96a11c0be3ed5cea9dd48b6ac54

Patch

https://git.kernel.org/stable/c/7d91adc0ccb060ce564103315189466eb822cc6a

Patch

https://git.kernel.org/stable/c/7f221ccbee4ec662e2292d490a43ce6c314c4594

Patch

https://git.kernel.org/stable/c/9b6b2db77bc3121fe435f1d4b56e34de443bec75

Patch