5.5

CVE-2021-47297

net: fix uninit-value in caif_seqpkt_sendmsg

In the Linux kernel, the following vulnerability has been resolved:

net: fix uninit-value in caif_seqpkt_sendmsg

When nr_segs equal to zero in iovec_from_user, the object
msg->msg_iter.iov is uninit stack memory in caif_seqpkt_sendmsg
which is defined in ___sys_sendmsg. So we cann't just judge
msg->msg_iter.iov->base directlly. We can use nr_segs to judge
msg in caif_seqpkt_sendmsg whether has data buffers.

=====================================================
BUG: KMSAN: uninit-value in caif_seqpkt_sendmsg+0x693/0xf60 net/caif/caif_socket.c:542
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c9/0x220 lib/dump_stack.c:118
 kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:118
 __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:215
 caif_seqpkt_sendmsg+0x693/0xf60 net/caif/caif_socket.c:542
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg net/socket.c:672 [inline]
 ____sys_sendmsg+0x12b6/0x1350 net/socket.c:2343
 ___sys_sendmsg net/socket.c:2397 [inline]
 __sys_sendmmsg+0x808/0xc90 net/socket.c:2480
 __compat_sys_sendmmsg net/compat.c:656 [inline]
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.35 < 4.4.277
LinuxLinux Kernel Version >= 4.5 < 4.9.277
LinuxLinux Kernel Version >= 4.10 < 4.14.241
LinuxLinux Kernel Version >= 4.15 < 4.19.199
LinuxLinux Kernel Version >= 4.20 < 5.4.136
LinuxLinux Kernel Version >= 5.5 < 5.10.54
LinuxLinux Kernel Version >= 5.11 < 5.13.6
LinuxLinux Kernel Version5.14 Updaterc1
LinuxLinux Kernel Version5.14 Updaterc2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.23% 0.13
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

https://git.kernel.org/stable/c/1582a02fecffcee306663035a295e28e1c4aaaff
Patch
https://git.kernel.org/stable/c/452c3ed7bf63721b07bc2238ed1261bb26027e85
Patch
https://git.kernel.org/stable/c/5c6d8e2f7187b8e45a18c27acb7a3885f03ee3db
Patch
https://git.kernel.org/stable/c/9413c0abb57f70a953b1116318d6aa478013c35d
Patch
https://git.kernel.org/stable/c/991e634360f2622a683b48dfe44fe6d9cb765a09
Patch
https://git.kernel.org/stable/c/d4c7797ab1517515f0d08b3bc1c6b48883889c54
Patch
https://git.kernel.org/stable/c/d9d646acad2c3590e189bb5d5c86ab8bd8a2dfc3
Patch
https://git.kernel.org/stable/c/ffe31dd70b70a40cd6b21b78c1713a23e021843a
Patch