7.8

CVE-2021-47642

EPSS 0.02%
Published 26.02.2025 06:37:05
Last modified 23.09.2025 18:46:15
Source 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Open
Login

In the Linux kernel, the following vulnerability has been resolved:

video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow

Coverity complains of a possible buffer overflow. However,
given the 'static' scope of nvidia_setup_i2c_bus() it looks
like that can't happen after examiniing the call sites.

CID 19036 (#1 of 1): Copy into fixed size buffer (STRING_OVERFLOW)
1. fixed_size_dest: You might overrun the 48-character fixed-size string
  chan->adapter.name by copying name without checking the length.
2. parameter_as_source: Note: This defect has an elevated risk because the
  source argument is a parameter of the current function.
 89        strcpy(chan->adapter.name, name);

Fix this warning by using strscpy() which will silence the warning and
prevent any future buffer overflows should the names used to identify the
channel become much longer.

Affected products Warnungen 0 Metrics 2 CWE 1 References 12

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 4.9.311

Linux ≫ Linux Kernel Version >= 4.10 < 4.14.276

Linux ≫ Linux Kernel Version >= 4.15 < 4.19.238

Linux ≫ Linux Kernel Version >= 4.20 < 5.4.189

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.110

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.33

Linux ≫ Linux Kernel Version >= 5.16 < 5.16.19

Linux ≫ Linux Kernel Version >= 5.17 < 5.17.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.05

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/055cdd2e7b992921424d4daaa285ced787fb205f

Patch

https://git.kernel.org/stable/c/08dff482012758935c185532b1ad7d584785a86e

Patch

https://git.kernel.org/stable/c/37a1a2e6eeeb101285cd34e12e48a881524701aa

Patch

https://git.kernel.org/stable/c/41baa86b6c802cdc6ab8ff2d46c083c9be93de81

Patch

https://git.kernel.org/stable/c/47e5533adf118afaf06d25a3e2aaaab89371b1c5

Patch

https://git.kernel.org/stable/c/580e5d3815474b8349250c25c16416585a72c7fe

Patch

https://git.kernel.org/stable/c/6a5226e544ac043bb2d8dc1bfe8920d02282f7cd

Patch

https://git.kernel.org/stable/c/72dd5c46a152136712a55bf026a9aa8c1b12b60d

Patch

https://git.kernel.org/stable/c/9ff2f7294ab0f011cd4d1b7dcd9a07d8fdf72834

Patch

https://nvd.nist.gov/vuln/detail/CVE-2021-47642

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-47642

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-47642

EUVD