7.1

CVE-2021-47240

net: qrtr: fix OOB Read in qrtr_endpoint_post

In the Linux kernel, the following vulnerability has been resolved:

net: qrtr: fix OOB Read in qrtr_endpoint_post

Syzbot reported slab-out-of-bounds Read in
qrtr_endpoint_post. The problem was in wrong
_size_ type:

	if (len != ALIGN(size, 4) + hdrlen)
		goto err;

If size from qrtr_hdr is 4294967293 (0xfffffffd), the result of
ALIGN(size, 4) will be 0. In case of len == hdrlen and size == 4294967293
in header this check won't fail and

	skb_put_data(skb, data + hdrlen, size);

will read out of bound from data, which is hdrlen allocated block.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.15 < 4.19.196
LinuxLinux Kernel Version >= 4.20 < 5.4.128
LinuxLinux Kernel Version >= 5.5 < 5.10.46
LinuxLinux Kernel Version >= 5.11 < 5.12.13
LinuxLinux Kernel Version5.13 Updaterc1
LinuxLinux Kernel Version5.13 Updaterc2
LinuxLinux Kernel Version5.13 Updaterc3
LinuxLinux Kernel Version5.13 Updaterc4
LinuxLinux Kernel Version5.13 Updaterc5
LinuxLinux Kernel Version5.13 Updaterc6
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.23% 0.139
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/19892ab9c9d838e2e5a7744d36e4bb8b7c3292fe
Patch
https://git.kernel.org/stable/c/26b8d10703a9be45d6097946b2b4011f7dd2c56f
Patch
https://git.kernel.org/stable/c/960b08dd36de1e341e3eb43d1c547513e338f4f8
Patch
https://git.kernel.org/stable/c/ad9d24c9429e2159d1e279dc3a83191ccb4daf1d
Patch
https://git.kernel.org/stable/c/f8111c0d7ed42ede41a3d0d393b104de0730a8a6
Patch