authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>2024-03-25 10:16:57 +0100
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2024-03-25 10:16:57 +0100
commit2f5188532e268094d657f94579d83dd44c7a7184 (patch)
tree524ff8b5c890d3396b80193a0d395beae66c9a8d
parentd215c027ff32b265ba0af38d0bd7e67e3c202450 (diff)
Publish some more gsd->cve entries
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-rw-r--r--cve/published/2021/CVE-2021-47158 (renamed from cve/reserved/2021/CVE-2021-47158)0
-rw-r--r--cve/published/2021/CVE-2021-47158.json103
-rw-r--r--cve/published/2021/CVE-2021-47158.mbox68
-rw-r--r--cve/published/2021/CVE-2021-47158.sha11
-rw-r--r--cve/published/2021/CVE-2021-47159 (renamed from cve/reserved/2021/CVE-2021-47159)0
-rw-r--r--cve/published/2021/CVE-2021-47159.json133
-rw-r--r--cve/published/2021/CVE-2021-47159.mbox76
-rw-r--r--cve/published/2021/CVE-2021-47159.sha11
-rw-r--r--cve/published/2021/CVE-2021-47160 (renamed from cve/reserved/2021/CVE-2021-47160)0
-rw-r--r--cve/published/2021/CVE-2021-47160.json133
-rw-r--r--cve/published/2021/CVE-2021-47160.mbox82
-rw-r--r--cve/published/2021/CVE-2021-47160.sha11
-rw-r--r--cve/published/2021/CVE-2021-47161 (renamed from cve/reserved/2021/CVE-2021-47161)0
-rw-r--r--cve/published/2021/CVE-2021-47161.json148
-rw-r--r--cve/published/2021/CVE-2021-47161.mbox74
-rw-r--r--cve/published/2021/CVE-2021-47161.sha11
-rw-r--r--cve/published/2021/CVE-2021-47162 (renamed from cve/reserved/2021/CVE-2021-47162)0
-rw-r--r--cve/published/2021/CVE-2021-47162.json178
-rw-r--r--cve/published/2021/CVE-2021-47162.mbox127
-rw-r--r--cve/published/2021/CVE-2021-47162.sha11
-rw-r--r--cve/published/2021/CVE-2021-47163 (renamed from cve/reserved/2021/CVE-2021-47163)0
-rw-r--r--cve/published/2021/CVE-2021-47163.json118
-rw-r--r--cve/published/2021/CVE-2021-47163.mbox95
-rw-r--r--cve/published/2021/CVE-2021-47163.sha11
-rw-r--r--cve/published/2021/CVE-2021-47164 (renamed from cve/reserved/2021/CVE-2021-47164)0
-rw-r--r--cve/published/2021/CVE-2021-47164.json103
-rw-r--r--cve/published/2021/CVE-2021-47164.mbox70
-rw-r--r--cve/published/2021/CVE-2021-47164.sha11
-rw-r--r--cve/published/2021/CVE-2021-47165 (renamed from cve/reserved/2021/CVE-2021-47165)0
-rw-r--r--cve/published/2021/CVE-2021-47165.json138
-rw-r--r--cve/published/2021/CVE-2021-47165.mbox90
-rw-r--r--cve/published/2021/CVE-2021-47165.sha11
-rw-r--r--cve/published/2021/CVE-2021-47166 (renamed from cve/reserved/2021/CVE-2021-47166)0
-rw-r--r--cve/published/2021/CVE-2021-47166.json178
-rw-r--r--cve/published/2021/CVE-2021-47166.mbox77
-rw-r--r--cve/published/2021/CVE-2021-47166.sha11
-rw-r--r--cve/published/2021/CVE-2021-47167 (renamed from cve/reserved/2021/CVE-2021-47167)0
-rw-r--r--cve/published/2021/CVE-2021-47167.json118
-rw-r--r--cve/published/2021/CVE-2021-47167.mbox72
-rw-r--r--cve/published/2021/CVE-2021-47167.sha11
-rw-r--r--cve/published/2021/CVE-2021-47168 (renamed from cve/reserved/2021/CVE-2021-47168)0
-rw-r--r--cve/published/2021/CVE-2021-47168.json178
-rw-r--r--cve/published/2021/CVE-2021-47168.mbox80
-rw-r--r--cve/published/2021/CVE-2021-47168.sha11
-rw-r--r--cve/published/2021/CVE-2021-47169 (renamed from cve/reserved/2021/CVE-2021-47169)0
-rw-r--r--cve/published/2021/CVE-2021-47169.json168
-rw-r--r--cve/published/2021/CVE-2021-47169.mbox216
-rw-r--r--cve/published/2021/CVE-2021-47169.sha11
-rw-r--r--cve/published/2021/CVE-2021-47170 (renamed from cve/reserved/2021/CVE-2021-47170)0
-rw-r--r--cve/published/2021/CVE-2021-47170.json123
-rw-r--r--cve/published/2021/CVE-2021-47170.mbox80
-rw-r--r--cve/published/2021/CVE-2021-47170.sha11
-rw-r--r--cve/published/2021/CVE-2021-47171 (renamed from cve/reserved/2021/CVE-2021-47171)0
-rw-r--r--cve/published/2021/CVE-2021-47171.json178
-rw-r--r--cve/published/2021/CVE-2021-47171.mbox84
-rw-r--r--cve/published/2021/CVE-2021-47171.sha11
-rw-r--r--cve/published/2021/CVE-2021-47172 (renamed from cve/reserved/2021/CVE-2021-47172)0
-rw-r--r--cve/published/2021/CVE-2021-47172.json108
-rw-r--r--cve/published/2021/CVE-2021-47172.mbox79
-rw-r--r--cve/published/2021/CVE-2021-47172.sha11
-rw-r--r--cve/published/2021/CVE-2021-47173 (renamed from cve/reserved/2021/CVE-2021-47173)0
-rw-r--r--cve/published/2021/CVE-2021-47173.json178
-rw-r--r--cve/published/2021/CVE-2021-47173.mbox96
-rw-r--r--cve/published/2021/CVE-2021-47173.sha11
-rw-r--r--cve/published/2021/CVE-2021-47174 (renamed from cve/reserved/2021/CVE-2021-47174)0
-rw-r--r--cve/published/2021/CVE-2021-47174.json103
-rw-r--r--cve/published/2021/CVE-2021-47174.mbox159
-rw-r--r--cve/published/2021/CVE-2021-47174.sha11
-rw-r--r--cve/published/2021/CVE-2021-47175 (renamed from cve/reserved/2021/CVE-2021-47175)0
-rw-r--r--cve/published/2021/CVE-2021-47175.json103
-rw-r--r--cve/published/2021/CVE-2021-47175.mbox144
-rw-r--r--cve/published/2021/CVE-2021-47175.sha11
-rw-r--r--cve/published/2021/CVE-2021-47176 (renamed from cve/reserved/2021/CVE-2021-47176)0
-rw-r--r--cve/published/2021/CVE-2021-47176.json108
-rw-r--r--cve/published/2021/CVE-2021-47176.mbox76
-rw-r--r--cve/published/2021/CVE-2021-47176.sha11
-rw-r--r--cve/published/2021/CVE-2021-47177 (renamed from cve/reserved/2021/CVE-2021-47177)0
-rw-r--r--cve/published/2021/CVE-2021-47177.json148
-rw-r--r--cve/published/2021/CVE-2021-47177.mbox73
-rw-r--r--cve/published/2021/CVE-2021-47177.sha11
-rw-r--r--cve/published/2021/CVE-2021-47178 (renamed from cve/reserved/2021/CVE-2021-47178)0
-rw-r--r--cve/published/2021/CVE-2021-47178.json88
-rw-r--r--cve/published/2021/CVE-2021-47178.mbox155
-rw-r--r--cve/published/2021/CVE-2021-47178.sha11
-rw-r--r--cve/published/2021/CVE-2021-47179 (renamed from cve/reserved/2021/CVE-2021-47179)0
-rw-r--r--cve/published/2021/CVE-2021-47179.json138
-rw-r--r--cve/published/2021/CVE-2021-47179.mbox79
-rw-r--r--cve/published/2021/CVE-2021-47179.sha11
-rw-r--r--cve/published/2021/CVE-2021-47180 (renamed from cve/reserved/2021/CVE-2021-47180)0
-rw-r--r--cve/published/2021/CVE-2021-47180.json178
-rw-r--r--cve/published/2021/CVE-2021-47180.mbox106
-rw-r--r--cve/published/2021/CVE-2021-47180.sha11
92 files changed, 5430 insertions, 0 deletions
diff --git a/cve/reserved/2021/CVE-2021-47158 b/cve/published/2021/CVE-2021-47158
index e69de29b..e69de29b 100644
--- a/cve/reserved/2021/CVE-2021-47158
+++ b/cve/published/2021/CVE-2021-47158
diff --git a/cve/published/2021/CVE-2021-47158.json b/cve/published/2021/CVE-2021-47158.json
new file mode 100644
index 00000000..06fdab76
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47158.json
@@ -0,0 +1,103 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
+ },
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: sja1105: add error handling in sja1105_setup()\n\nIf any of sja1105_static_config_load(), sja1105_clocking_setup() or\nsja1105_devlink_setup() fails, we can't just return in the middle of\nsja1105_setup() or memory will leak. Add a cleanup path."
+ }
+ ],
+ "affected": [
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "unaffected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "8aa9ebccae87",
+ "lessThan": "dd8609f20344",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "8aa9ebccae87",
+ "lessThan": "987e4ab8b8a4",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "8aa9ebccae87",
+ "lessThan": "cec279a898a3",
+ "status": "affected",
+ "versionType": "git"
+ }
+ ]
+ },
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "affected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "5.2",
+ "status": "affected"
+ },
+ {
+ "version": "0",
+ "lessThan": "5.2",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.10.42",
+ "lessThanOrEqual": "5.10.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.12.9",
+ "lessThanOrEqual": "5.12.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.13",
+ "lessThanOrEqual": "*",
+ "status": "unaffected",
+ "versionType": "original_commit_for_fix"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/dd8609f203448ca6d58ae71461208b3f6b0329b0"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/987e4ab8b8a4fcbf783069e03e7524cd39ffd563"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/cec279a898a3b004411682f212215ccaea1cd0fb"
+ }
+ ],
+ "title": "net: dsa: sja1105: add error handling in sja1105_setup()",
+ "x_generator": {
+ "engine": "bippy-b4257b672505"
+ }
+ }
+ },
+ "cveMetadata": {
+ "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
+ "cveID": "CVE-2021-47158",
+ "requesterUserId": "gregkh@kernel.org",
+ "serial": "1",
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
diff --git a/cve/published/2021/CVE-2021-47158.mbox b/cve/published/2021/CVE-2021-47158.mbox
new file mode 100644
index 00000000..af903772
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47158.mbox
@@ -0,0 +1,68 @@
+From bippy-b4257b672505 Mon Sep 17 00:00:00 2001
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+To: <linux-cve-announce@vger.kernel.org>
+Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
+Subject: CVE-2021-47158: net: dsa: sja1105: add error handling in sja1105_setup()
+Message-Id: <2024032533-CVE-2021-47158-71e9@gregkh>
+Content-Length: 1979
+Lines: 51
+X-Developer-Signature: v=1; a=openpgp-sha256; l=2031;
+ i=gregkh@linuxfoundation.org; h=from:subject:message-id;
+ bh=Kh8ZW2tI4YlorcRGlstWkrjBi/SjDOQaDLJC/snHmUk=;
+ b=owGbwMvMwCRo6H6F97bub03G02pJDGmMDh8vp1bvFeJMdU38ecBVzT/v7yyGd7H1V/ee0EnWa
+ spMdmLriGVhEGRikBVTZPmyjefo/opDil6Gtqdh5rAygQxh4OIUgIlELWFYsGoN+yWrkFcvgqPZ
+ GOYUukXuS5DewjDPbj+3055ksfUOR0/3qLpJvJB9ds4EAA==
+X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp;
+ fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29
+
+Description
+===========
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+net: dsa: sja1105: add error handling in sja1105_setup()
+
+If any of sja1105_static_config_load(), sja1105_clocking_setup() or
+sja1105_devlink_setup() fails, we can't just return in the middle of
+sja1105_setup() or memory will leak. Add a cleanup path.
+
+The Linux kernel CVE team has assigned CVE-2021-47158 to this issue.
+
+
+Affected and fixed versions
+===========================
+
+ Issue introduced in 5.2 with commit 8aa9ebccae87 and fixed in 5.10.42 with commit dd8609f20344
+ Issue introduced in 5.2 with commit 8aa9ebccae87 and fixed in 5.12.9 with commit 987e4ab8b8a4
+ Issue introduced in 5.2 with commit 8aa9ebccae87 and fixed in 5.13 with commit cec279a898a3
+
+Please see https://www.kernel.org for a full list of currently supported
+kernel versions by the kernel community.
+
+Unaffected versions might change over time as fixes are backported to
+older supported kernel versions. The official CVE entry at
+ https://cve.org/CVERecord/?id=CVE-2021-47158
+will be updated if fixes are backported, please check that for the most
+up to date information about this issue.
+
+
+Affected files
+==============
+
+The file(s) affected by this issue are:
+ drivers/net/dsa/sja1105/sja1105_main.c
+
+
+Mitigation
+==========
+
+The Linux kernel CVE team recommends that you update to the latest
+stable kernel version for this, and many other bugfixes. Individual
+changes are never tested alone, but rather are part of a larger kernel
+release. Cherry-picking individual commits is not recommended or
+supported by the Linux kernel community at all. If however, updating to
+the latest release is impossible, the individual changes to resolve this
+issue can be found at these commits:
+ https://git.kernel.org/stable/c/dd8609f203448ca6d58ae71461208b3f6b0329b0
+ https://git.kernel.org/stable/c/987e4ab8b8a4fcbf783069e03e7524cd39ffd563
+ https://git.kernel.org/stable/c/cec279a898a3b004411682f212215ccaea1cd0fb
diff --git a/cve/published/2021/CVE-2021-47158.sha1 b/cve/published/2021/CVE-2021-47158.sha1
new file mode 100644
index 00000000..9da40360
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47158.sha1
@@ -0,0 +1 @@
+cec279a898a3b004411682f212215ccaea1cd0fb
diff --git a/cve/reserved/2021/CVE-2021-47159 b/cve/published/2021/CVE-2021-47159
index e69de29b..e69de29b 100644
--- a/cve/reserved/2021/CVE-2021-47159
+++ b/cve/published/2021/CVE-2021-47159
diff --git a/cve/published/2021/CVE-2021-47159.json b/cve/published/2021/CVE-2021-47159.json
new file mode 100644
index 00000000..0afcb908
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47159.json
@@ -0,0 +1,133 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
+ },
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: fix a crash if ->get_sset_count() fails\n\nIf ds->ops->get_sset_count() fails then it \"count\" is a negative error\ncode such as -EOPNOTSUPP. Because \"i\" is an unsigned int, the negative\nerror code is type promoted to a very high value and the loop will\ncorrupt memory until the system crashes.\n\nFix this by checking for error codes and changing the type of \"i\" to\njust int."
+ }
+ ],
+ "affected": [
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "unaffected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "badf3ada60ab",
+ "lessThan": "0f2cb08c57ed",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "badf3ada60ab",
+ "lessThan": "ce5355f140a7",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "badf3ada60ab",
+ "lessThan": "caff86f85512",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "badf3ada60ab",
+ "lessThan": "7b22466648a4",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "badf3ada60ab",
+ "lessThan": "a269333fa5c0",
+ "status": "affected",
+ "versionType": "git"
+ }
+ ]
+ },
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "affected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "4.7",
+ "status": "affected"
+ },
+ {
+ "version": "0",
+ "lessThan": "4.7",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "4.19.193",
+ "lessThanOrEqual": "4.19.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.4.124",
+ "lessThanOrEqual": "5.4.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.10.42",
+ "lessThanOrEqual": "5.10.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.12.9",
+ "lessThanOrEqual": "5.12.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.13",
+ "lessThanOrEqual": "*",
+ "status": "unaffected",
+ "versionType": "original_commit_for_fix"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/0f2cb08c57edefb0e7b5045e0e3e9980a3d3aa37"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/ce5355f140a7987011388c7e30c4f8fbe180d3e8"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/caff86f85512b8e0d9830e8b8b0dfe13c68ce5b6"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/7b22466648a4f8e3e94f57ca428d1531866d1373"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/a269333fa5c0c8e53c92b5a28a6076a28cde3e83"
+ }
+ ],
+ "title": "net: dsa: fix a crash if ->get_sset_count() fails",
+ "x_generator": {
+ "engine": "bippy-b4257b672505"
+ }
+ }
+ },
+ "cveMetadata": {
+ "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
+ "cveID": "CVE-2021-47159",
+ "requesterUserId": "gregkh@kernel.org",
+ "serial": "1",
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
diff --git a/cve/published/2021/CVE-2021-47159.mbox b/cve/published/2021/CVE-2021-47159.mbox
new file mode 100644
index 00000000..ce0d2633
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47159.mbox
@@ -0,0 +1,76 @@
+From bippy-b4257b672505 Mon Sep 17 00:00:00 2001
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+To: <linux-cve-announce@vger.kernel.org>
+Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
+Subject: CVE-2021-47159: net: dsa: fix a crash if ->get_sset_count() fails
+Message-Id: <2024032533-CVE-2021-47159-9ac6@gregkh>
+Content-Length: 2428
+Lines: 59
+X-Developer-Signature: v=1; a=openpgp-sha256; l=2488;
+ i=gregkh@linuxfoundation.org; h=from:subject:message-id;
+ bh=Hu7E2eMYuxoizbgam+jCs4t5HD4j+qUJIMOmw29eppk=;
+ b=owGbwMvMwCRo6H6F97bub03G02pJDGmMDh+NVTp/rb/ytvvIi5Z3xb0P8n/6Bz3oLtq6dafC8
+ to1DjpCHbEsDIJMDLJiiixftvEc3V9xSNHL0PY0zBxWJpAhDFycAjAR6VsMC9pXTudkcjieKxMq
+ U+01IyiwV1FFkWF+nrixdt6DBw1iNn6Nfi8C+SqZFX8CAA==
+X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp;
+ fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29
+
+Description
+===========
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+net: dsa: fix a crash if ->get_sset_count() fails
+
+If ds->ops->get_sset_count() fails then it "count" is a negative error
+code such as -EOPNOTSUPP. Because "i" is an unsigned int, the negative
+error code is type promoted to a very high value and the loop will
+corrupt memory until the system crashes.
+
+Fix this by checking for error codes and changing the type of "i" to
+just int.
+
+The Linux kernel CVE team has assigned CVE-2021-47159 to this issue.
+
+
+Affected and fixed versions
+===========================
+
+ Issue introduced in 4.7 with commit badf3ada60ab and fixed in 4.19.193 with commit 0f2cb08c57ed
+ Issue introduced in 4.7 with commit badf3ada60ab and fixed in 5.4.124 with commit ce5355f140a7
+ Issue introduced in 4.7 with commit badf3ada60ab and fixed in 5.10.42 with commit caff86f85512
+ Issue introduced in 4.7 with commit badf3ada60ab and fixed in 5.12.9 with commit 7b22466648a4
+ Issue introduced in 4.7 with commit badf3ada60ab and fixed in 5.13 with commit a269333fa5c0
+
+Please see https://www.kernel.org for a full list of currently supported
+kernel versions by the kernel community.
+
+Unaffected versions might change over time as fixes are backported to
+older supported kernel versions. The official CVE entry at
+ https://cve.org/CVERecord/?id=CVE-2021-47159
+will be updated if fixes are backported, please check that for the most
+up to date information about this issue.
+
+
+Affected files
+==============
+
+The file(s) affected by this issue are:
+ net/dsa/master.c
+
+
+Mitigation
+==========
+
+The Linux kernel CVE team recommends that you update to the latest
+stable kernel version for this, and many other bugfixes. Individual
+changes are never tested alone, but rather are part of a larger kernel
+release. Cherry-picking individual commits is not recommended or
+supported by the Linux kernel community at all. If however, updating to
+the latest release is impossible, the individual changes to resolve this
+issue can be found at these commits:
+ https://git.kernel.org/stable/c/0f2cb08c57edefb0e7b5045e0e3e9980a3d3aa37
+ https://git.kernel.org/stable/c/ce5355f140a7987011388c7e30c4f8fbe180d3e8
+ https://git.kernel.org/stable/c/caff86f85512b8e0d9830e8b8b0dfe13c68ce5b6
+ https://git.kernel.org/stable/c/7b22466648a4f8e3e94f57ca428d1531866d1373
+ https://git.kernel.org/stable/c/a269333fa5c0c8e53c92b5a28a6076a28cde3e83
diff --git a/cve/published/2021/CVE-2021-47159.sha1 b/cve/published/2021/CVE-2021-47159.sha1
new file mode 100644
index 00000000..82df6da1
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47159.sha1
@@ -0,0 +1 @@
+a269333fa5c0c8e53c92b5a28a6076a28cde3e83
diff --git a/cve/reserved/2021/CVE-2021-47160 b/cve/published/2021/CVE-2021-47160
index e69de29b..e69de29b 100644
--- a/cve/reserved/2021/CVE-2021-47160
+++ b/cve/published/2021/CVE-2021-47160
diff --git a/cve/published/2021/CVE-2021-47160.json b/cve/published/2021/CVE-2021-47160.json
new file mode 100644
index 00000000..d3418c3c
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47160.json
@@ -0,0 +1,133 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
+ },
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: mt7530: fix VLAN traffic leaks\n\nPCR_MATRIX field was set to all 1's when VLAN filtering is enabled, but\nwas not reset when it is disabled, which may cause traffic leaks:\n\n\tip link add br0 type bridge vlan_filtering 1\n\tip link add br1 type bridge vlan_filtering 1\n\tip link set swp0 master br0\n\tip link set swp1 master br1\n\tip link set br0 type bridge vlan_filtering 0\n\tip link set br1 type bridge vlan_filtering 0\n\t# traffic in br0 and br1 will start leaking to each other\n\nAs port_bridge_{add,del} have set up PCR_MATRIX properly, remove the\nPCR_MATRIX write from mt7530_port_set_vlan_aware."
+ }
+ ],
+ "affected": [
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "unaffected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "83163f7dca56",
+ "lessThan": "ae389812733b",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "83163f7dca56",
+ "lessThan": "4fe4e1f48ba1",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "83163f7dca56",
+ "lessThan": "b91117b66fe8",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "83163f7dca56",
+ "lessThan": "82ae35b6c14f",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "83163f7dca56",
+ "lessThan": "474a2ddaa192",
+ "status": "affected",
+ "versionType": "git"
+ }
+ ]
+ },
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "affected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "4.16",
+ "status": "affected"
+ },
+ {
+ "version": "0",
+ "lessThan": "4.16",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "4.19.193",
+ "lessThanOrEqual": "4.19.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.4.124",
+ "lessThanOrEqual": "5.4.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.10.42",
+ "lessThanOrEqual": "5.10.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.12.9",
+ "lessThanOrEqual": "5.12.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.13",
+ "lessThanOrEqual": "*",
+ "status": "unaffected",
+ "versionType": "original_commit_for_fix"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/ae389812733b1b1e8e07fcc238e41db166b5c78d"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/4fe4e1f48ba119bdbc7c897c83b04ba0d08f5488"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/b91117b66fe875723a4e79ec6263526fffdb44d2"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/82ae35b6c14feae5f216913d5b433e143c756d4e"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/474a2ddaa192777522a7499784f1d60691cd831a"
+ }
+ ],
+ "title": "net: dsa: mt7530: fix VLAN traffic leaks",
+ "x_generator": {
+ "engine": "bippy-b4257b672505"
+ }
+ }
+ },
+ "cveMetadata": {
+ "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
+ "cveID": "CVE-2021-47160",
+ "requesterUserId": "gregkh@kernel.org",
+ "serial": "1",
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
diff --git a/cve/published/2021/CVE-2021-47160.mbox b/cve/published/2021/CVE-2021-47160.mbox
new file mode 100644
index 00000000..63b35cd9
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47160.mbox
@@ -0,0 +1,82 @@
+From bippy-b4257b672505 Mon Sep 17 00:00:00 2001
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+To: <linux-cve-announce@vger.kernel.org>
+Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
+Subject: CVE-2021-47160: net: dsa: mt7530: fix VLAN traffic leaks
+Message-Id: <2024032534-CVE-2021-47160-8e53@gregkh>
+Content-Length: 2661
+Lines: 65
+X-Developer-Signature: v=1; a=openpgp-sha256; l=2727;
+ i=gregkh@linuxfoundation.org; h=from:subject:message-id;
+ bh=ncTMzwCg60bIIjZGv4IhBwFh4u9VDi1fzpVsn1WT/z4=;
+ b=owGbwMvMwCRo6H6F97bub03G02pJDGmMDp8K3k5rf8VsuzDq1Jo7nrsnvPnE3buCSfmGyf7Dy
+ 5d1LAvi6IhlYRBkYpAVU2T5so3n6P6KQ4pehranYeawMoEMYeDiFICJPLjFsGBinkbuizLPks+K
+ 1mVxuzbNF52xUoNhDtfhWTYMqSyP7c0XeFTfthXwl77xHgA=
+X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp;
+ fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29
+
+Description
+===========
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+net: dsa: mt7530: fix VLAN traffic leaks
+
+PCR_MATRIX field was set to all 1's when VLAN filtering is enabled, but
+was not reset when it is disabled, which may cause traffic leaks:
+
+ ip link add br0 type bridge vlan_filtering 1
+ ip link add br1 type bridge vlan_filtering 1
+ ip link set swp0 master br0
+ ip link set swp1 master br1
+ ip link set br0 type bridge vlan_filtering 0
+ ip link set br1 type bridge vlan_filtering 0
+ # traffic in br0 and br1 will start leaking to each other
+
+As port_bridge_{add,del} have set up PCR_MATRIX properly, remove the
+PCR_MATRIX write from mt7530_port_set_vlan_aware.
+
+The Linux kernel CVE team has assigned CVE-2021-47160 to this issue.
+
+
+Affected and fixed versions
+===========================
+
+ Issue introduced in 4.16 with commit 83163f7dca56 and fixed in 4.19.193 with commit ae389812733b
+ Issue introduced in 4.16 with commit 83163f7dca56 and fixed in 5.4.124 with commit 4fe4e1f48ba1
+ Issue introduced in 4.16 with commit 83163f7dca56 and fixed in 5.10.42 with commit b91117b66fe8
+ Issue introduced in 4.16 with commit 83163f7dca56 and fixed in 5.12.9 with commit 82ae35b6c14f
+ Issue introduced in 4.16 with commit 83163f7dca56 and fixed in 5.13 with commit 474a2ddaa192
+
+Please see https://www.kernel.org for a full list of currently supported
+kernel versions by the kernel community.
+
+Unaffected versions might change over time as fixes are backported to
+older supported kernel versions. The official CVE entry at
+ https://cve.org/CVERecord/?id=CVE-2021-47160
+will be updated if fixes are backported, please check that for the most
+up to date information about this issue.
+
+
+Affected files
+==============
+
+The file(s) affected by this issue are:
+ drivers/net/dsa/mt7530.c
+
+
+Mitigation
+==========
+
+The Linux kernel CVE team recommends that you update to the latest
+stable kernel version for this, and many other bugfixes. Individual
+changes are never tested alone, but rather are part of a larger kernel
+release. Cherry-picking individual commits is not recommended or
+supported by the Linux kernel community at all. If however, updating to
+the latest release is impossible, the individual changes to resolve this
+issue can be found at these commits:
+ https://git.kernel.org/stable/c/ae389812733b1b1e8e07fcc238e41db166b5c78d
+ https://git.kernel.org/stable/c/4fe4e1f48ba119bdbc7c897c83b04ba0d08f5488
+ https://git.kernel.org/stable/c/b91117b66fe875723a4e79ec6263526fffdb44d2
+ https://git.kernel.org/stable/c/82ae35b6c14feae5f216913d5b433e143c756d4e
+ https://git.kernel.org/stable/c/474a2ddaa192777522a7499784f1d60691cd831a
diff --git a/cve/published/2021/CVE-2021-47160.sha1 b/cve/published/2021/CVE-2021-47160.sha1
new file mode 100644
index 00000000..7298bd72
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47160.sha1
@@ -0,0 +1 @@
+474a2ddaa192777522a7499784f1d60691cd831a
diff --git a/cve/reserved/2021/CVE-2021-47161 b/cve/published/2021/CVE-2021-47161
index e69de29b..e69de29b 100644
--- a/cve/reserved/2021/CVE-2021-47161
+++ b/cve/published/2021/CVE-2021-47161
diff --git a/cve/published/2021/CVE-2021-47161.json b/cve/published/2021/CVE-2021-47161.json
new file mode 100644
index 00000000..e5aff7c3
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47161.json
@@ -0,0 +1,148 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
+ },
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: spi-fsl-dspi: Fix a resource leak in an error handling path\n\n'dspi_request_dma()' should be undone by a 'dspi_release_dma()' call in the\nerror handling path of the probe function, as already done in the remove\nfunction"
+ }
+ ],
+ "affected": [
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "unaffected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "90ba37033cb9",
+ "lessThan": "10a089bae827",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "90ba37033cb9",
+ "lessThan": "00450ed03a17",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "90ba37033cb9",
+ "lessThan": "15d1cc4b4b58",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "90ba37033cb9",
+ "lessThan": "fe6921e3b845",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "90ba37033cb9",
+ "lessThan": "12391be4724a",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "90ba37033cb9",
+ "lessThan": "680ec0549a05",
+ "status": "affected",
+ "versionType": "git"
+ }
+ ]
+ },
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "affected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "4.10",
+ "status": "affected"
+ },
+ {
+ "version": "0",
+ "lessThan": "4.10",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "4.14.241",
+ "lessThanOrEqual": "4.14.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "4.19.199",
+ "lessThanOrEqual": "4.19.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.4.124",
+ "lessThanOrEqual": "5.4.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.10.42",
+ "lessThanOrEqual": "5.10.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.12.9",
+ "lessThanOrEqual": "5.12.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.13",
+ "lessThanOrEqual": "*",
+ "status": "unaffected",
+ "versionType": "original_commit_for_fix"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/10a089bae827ec30ad9b6cb7048020a62fae0cfa"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/00450ed03a17143e2433b461a656ef9cd17c2f1d"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/15d1cc4b4b585f9a2ce72c52cca004d5d735bdf1"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/fe6921e3b8451a537e01c031b8212366bb386e3e"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/12391be4724acc9269e1845ccbd881df37de4b56"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/680ec0549a055eb464dce6ffb4bfb736ef87236e"
+ }
+ ],
+ "title": "spi: spi-fsl-dspi: Fix a resource leak in an error handling path",
+ "x_generator": {
+ "engine": "bippy-b4257b672505"
+ }
+ }
+ },
+ "cveMetadata": {
+ "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
+ "cveID": "CVE-2021-47161",
+ "requesterUserId": "gregkh@kernel.org",
+ "serial": "1",
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
diff --git a/cve/published/2021/CVE-2021-47161.mbox b/cve/published/2021/CVE-2021-47161.mbox
new file mode 100644
index 00000000..b59dd1db
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47161.mbox
@@ -0,0 +1,74 @@
+From bippy-b4257b672505 Mon Sep 17 00:00:00 2001
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+To: <linux-cve-announce@vger.kernel.org>
+Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
+Subject: CVE-2021-47161: spi: spi-fsl-dspi: Fix a resource leak in an error handling path
+Message-Id: <2024032534-CVE-2021-47161-65ce@gregkh>
+Content-Length: 2457
+Lines: 57
+X-Developer-Signature: v=1; a=openpgp-sha256; l=2515;
+ i=gregkh@linuxfoundation.org; h=from:subject:message-id;
+ bh=D03Gl6C7kVAEL8LX4zcdzwcbhYdmMLBxzWuVYb82pAA=;
+ b=owGbwMvMwCRo6H6F97bub03G02pJDGmMDp8eHMlkbbB77PV5/7ZJ2vfnXcrf+HNy2MaDG++u/
+ fTV5Yzo9I5YFgZBJgZZMUWWL9t4ju6vOKToZWh7GmYOKxPIEAYuTgGYyOdqhvnZ06bxXZ3StfPy
+ jdIw12Nvii2+z9RimJ+33DajSF/HcVHEZbPFZmkrBJhWxgIA
+X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp;
+ fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29
+
+Description
+===========
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+spi: spi-fsl-dspi: Fix a resource leak in an error handling path
+
+'dspi_request_dma()' should be undone by a 'dspi_release_dma()' call in the
+error handling path of the probe function, as already done in the remove
+function
+
+The Linux kernel CVE team has assigned CVE-2021-47161 to this issue.
+
+
+Affected and fixed versions
+===========================
+
+ Issue introduced in 4.10 with commit 90ba37033cb9 and fixed in 4.14.241 with commit 10a089bae827
+ Issue introduced in 4.10 with commit 90ba37033cb9 and fixed in 4.19.199 with commit 00450ed03a17
+ Issue introduced in 4.10 with commit 90ba37033cb9 and fixed in 5.4.124 with commit 15d1cc4b4b58
+ Issue introduced in 4.10 with commit 90ba37033cb9 and fixed in 5.10.42 with commit fe6921e3b845
+ Issue introduced in 4.10 with commit 90ba37033cb9 and fixed in 5.12.9 with commit 12391be4724a
+ Issue introduced in 4.10 with commit 90ba37033cb9 and fixed in 5.13 with commit 680ec0549a05
+
+Please see https://www.kernel.org for a full list of currently supported
+kernel versions by the kernel community.
+
+Unaffected versions might change over time as fixes are backported to
+older supported kernel versions. The official CVE entry at
+ https://cve.org/CVERecord/?id=CVE-2021-47161
+will be updated if fixes are backported, please check that for the most
+up to date information about this issue.
+
+
+Affected files
+==============
+
+The file(s) affected by this issue are:
+ drivers/spi/spi-fsl-dspi.c
+
+
+Mitigation
+==========
+
+The Linux kernel CVE team recommends that you update to the latest
+stable kernel version for this, and many other bugfixes. Individual
+changes are never tested alone, but rather are part of a larger kernel
+release. Cherry-picking individual commits is not recommended or
+supported by the Linux kernel community at all. If however, updating to
+the latest release is impossible, the individual changes to resolve this
+issue can be found at these commits:
+ https://git.kernel.org/stable/c/10a089bae827ec30ad9b6cb7048020a62fae0cfa
+ https://git.kernel.org/stable/c/00450ed03a17143e2433b461a656ef9cd17c2f1d
+ https://git.kernel.org/stable/c/15d1cc4b4b585f9a2ce72c52cca004d5d735bdf1
+ https://git.kernel.org/stable/c/fe6921e3b8451a537e01c031b8212366bb386e3e
+ https://git.kernel.org/stable/c/12391be4724acc9269e1845ccbd881df37de4b56
+ https://git.kernel.org/stable/c/680ec0549a055eb464dce6ffb4bfb736ef87236e
diff --git a/cve/published/2021/CVE-2021-47161.sha1 b/cve/published/2021/CVE-2021-47161.sha1
new file mode 100644
index 00000000..d85f465d
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47161.sha1
@@ -0,0 +1 @@
+680ec0549a055eb464dce6ffb4bfb736ef87236e
diff --git a/cve/reserved/2021/CVE-2021-47162 b/cve/published/2021/CVE-2021-47162
index e69de29b..e69de29b 100644
--- a/cve/reserved/2021/CVE-2021-47162
+++ b/cve/published/2021/CVE-2021-47162
diff --git a/cve/published/2021/CVE-2021-47162.json b/cve/published/2021/CVE-2021-47162.json
new file mode 100644
index 00000000..97890782
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47162.json
@@ -0,0 +1,178 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
+ },
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: skb_linearize the head skb when reassembling msgs\n\nIt's not a good idea to append the frag skb to a skb's frag_list if\nthe frag_list already has skbs from elsewhere, such as this skb was\ncreated by pskb_copy() where the frag_list was cloned (all the skbs\nin it were skb_get'ed) and shared by multiple skbs.\n\nHowever, the new appended frag skb should have been only seen by the\ncurrent skb. Otherwise, it will cause use after free crashes as this\nappended frag skb are seen by multiple skbs but it only got skb_get\ncalled once.\n\nThe same thing happens with a skb updated by pskb_may_pull() with a\nskb_cloned skb. Li Shuang has reported quite a few crashes caused\nby this when doing testing over macvlan devices:\n\n [] kernel BUG at net/core/skbuff.c:1970!\n [] Call Trace:\n [] skb_clone+0x4d/0xb0\n [] macvlan_broadcast+0xd8/0x160 [macvlan]\n [] macvlan_process_broadcast+0x148/0x150 [macvlan]\n [] process_one_work+0x1a7/0x360\n [] worker_thread+0x30/0x390\n\n [] kernel BUG at mm/usercopy.c:102!\n [] Call Trace:\n [] __check_heap_object+0xd3/0x100\n [] __check_object_size+0xff/0x16b\n [] simple_copy_to_iter+0x1c/0x30\n [] __skb_datagram_iter+0x7d/0x310\n [] __skb_datagram_iter+0x2a5/0x310\n [] skb_copy_datagram_iter+0x3b/0x90\n [] tipc_recvmsg+0x14a/0x3a0 [tipc]\n [] ____sys_recvmsg+0x91/0x150\n [] ___sys_recvmsg+0x7b/0xc0\n\n [] kernel BUG at mm/slub.c:305!\n [] Call Trace:\n [] <IRQ>\n [] kmem_cache_free+0x3ff/0x400\n [] __netif_receive_skb_core+0x12c/0xc40\n [] ? kmem_cache_alloc+0x12e/0x270\n [] netif_receive_skb_internal+0x3d/0xb0\n [] ? get_rx_page_info+0x8e/0xa0 [be2net]\n [] be_poll+0x6ef/0xd00 [be2net]\n [] ? irq_exit+0x4f/0x100\n [] net_rx_action+0x149/0x3b0\n\n ...\n\nThis patch is to fix it by linearizing the head skb if it has frag_list\nset in tipc_buf_append(). 
Note that we choose to do this before calling\nskb_unshare(), as __skb_linearize() will avoid skb_copy(). Also, we can\nnot just drop the frag_list either as the early time."
+ }
+ ],
+ "affected": [
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "unaffected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "45c8b7b175ce",
+ "lessThan": "b2c8d28c34b3",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "45c8b7b175ce",
+ "lessThan": "5489f30bb78f",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "45c8b7b175ce",
+ "lessThan": "436d650d3743",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "45c8b7b175ce",
+ "lessThan": "4b1761898861",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "45c8b7b175ce",
+ "lessThan": "64d17ec9f1de",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "45c8b7b175ce",
+ "lessThan": "6da24cfc83ba",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "45c8b7b175ce",
+ "lessThan": "ace300eecbcc",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "45c8b7b175ce",
+ "lessThan": "b7df21cf1b79",
+ "status": "affected",
+ "versionType": "git"
+ }
+ ]
+ },
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "affected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "4.3",
+ "status": "affected"
+ },
+ {
+ "version": "0",
+ "lessThan": "4.3",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "4.4.271",
+ "lessThanOrEqual": "4.4.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "4.9.271",
+ "lessThanOrEqual": "4.9.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "4.14.235",
+ "lessThanOrEqual": "4.14.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "4.19.193",
+ "lessThanOrEqual": "4.19.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.4.124",
+ "lessThanOrEqual": "5.4.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.10.42",
+ "lessThanOrEqual": "5.10.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.12.9",
+ "lessThanOrEqual": "5.12.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.13",
+ "lessThanOrEqual": "*",
+ "status": "unaffected",
+ "versionType": "original_commit_for_fix"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/b2c8d28c34b3070407cb1741f9ba3f15d0284b8b"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/5489f30bb78ff0dafb4229a69632afc2ba20765c"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/436d650d374329a591c30339a91fa5078052ed1e"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/4b1761898861117c97066aea6c58f68a7787f0bf"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/64d17ec9f1ded042c4b188d15734f33486ed9966"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/6da24cfc83ba4f97ea44fc7ae9999a006101755c"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/ace300eecbccaa698e2b472843c74a5f33f7dce8"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/b7df21cf1b79ab7026f545e7bf837bd5750ac026"
+ }
+ ],
+ "title": "tipc: skb_linearize the head skb when reassembling msgs",
+ "x_generator": {
+ "engine": "bippy-b4257b672505"
+ }
+ }
+ },
+ "cveMetadata": {
+ "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
+ "cveID": "CVE-2021-47162",
+ "requesterUserId": "gregkh@kernel.org",
+ "serial": "1",
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
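Review bot: The `"versionType": "git"` entries in the first `affected` block give 12-character abbreviated commit ids (`"version": "45c8b7b175ce"`, `"lessThan": "b2c8d28c34b3"`), while the `references` list in the same record already carries the full 40-character ids. An abbreviated id can become ambiguous as the repository grows, and it forces every consumer of this machine-readable record to resolve it against a clone before matching. I would write the full ids in the range entries as well, e.g. `"lessThan": "b2c8d28c34b3070407cb1741f9ba3f15d0284b8b"`, and expand the introducing commit the same way. The same applies to the git ranges in CVE-2021-47163.json and CVE-2021-47164.json further down.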
diff --git a/cve/published/2021/CVE-2021-47162.mbox b/cve/published/2021/CVE-2021-47162.mbox
new file mode 100644
index 00000000..0a78e137
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47162.mbox
@@ -0,0 +1,127 @@
+From bippy-b4257b672505 Mon Sep 17 00:00:00 2001
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+To: <linux-cve-announce@vger.kernel.org>
+Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
+Subject: CVE-2021-47162: tipc: skb_linearize the head skb when reassembling msgs
+Message-Id: <2024032534-CVE-2021-47162-01da@gregkh>
+Content-Length: 4544
+Lines: 110
+X-Developer-Signature: v=1; a=openpgp-sha256; l=4655;
+ i=gregkh@linuxfoundation.org; h=from:subject:message-id;
+ bh=tATufNcqLgJFZgH472b2flQonR3o/kl3CH9mCGQXetg=;
+ b=owGbwMvMwCRo6H6F97bub03G02pJDGmMDp/YZa7ObJrc5sk/YY2+tX9+ycGZ/3pifvI66MmaZ
+ P/eWiHWEcvCIMjEICumyPJlG8/R/RWHFL0MbU/DzGFlAhnCwMUpABP5IsKw4EKQ6VzXgFu/ZzQx
+ BbRnr+Ov/7cwlGEO75Knhf+2r7ATn3z0b57BzUmcLWYNAA==
+X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp;
+ fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29
+
+Description
+===========
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+tipc: skb_linearize the head skb when reassembling msgs
+
+It's not a good idea to append the frag skb to a skb's frag_list if
+the frag_list already has skbs from elsewhere, such as this skb was
+created by pskb_copy() where the frag_list was cloned (all the skbs
+in it were skb_get'ed) and shared by multiple skbs.
+
+However, the new appended frag skb should have been only seen by the
+current skb. Otherwise, it will cause use after free crashes as this
+appended frag skb are seen by multiple skbs but it only got skb_get
+called once.
+
+The same thing happens with a skb updated by pskb_may_pull() with a
+skb_cloned skb. Li Shuang has reported quite a few crashes caused
+by this when doing testing over macvlan devices:
+
+ [] kernel BUG at net/core/skbuff.c:1970!
+ [] Call Trace:
+ [] skb_clone+0x4d/0xb0
+ [] macvlan_broadcast+0xd8/0x160 [macvlan]
+ [] macvlan_process_broadcast+0x148/0x150 [macvlan]
+ [] process_one_work+0x1a7/0x360
+ [] worker_thread+0x30/0x390
+
+ [] kernel BUG at mm/usercopy.c:102!
+ [] Call Trace:
+ [] __check_heap_object+0xd3/0x100
+ [] __check_object_size+0xff/0x16b
+ [] simple_copy_to_iter+0x1c/0x30
+ [] __skb_datagram_iter+0x7d/0x310
+ [] __skb_datagram_iter+0x2a5/0x310
+ [] skb_copy_datagram_iter+0x3b/0x90
+ [] tipc_recvmsg+0x14a/0x3a0 [tipc]
+ [] ____sys_recvmsg+0x91/0x150
+ [] ___sys_recvmsg+0x7b/0xc0
+
+ [] kernel BUG at mm/slub.c:305!
+ [] Call Trace:
+ [] <IRQ>
+ [] kmem_cache_free+0x3ff/0x400
+ [] __netif_receive_skb_core+0x12c/0xc40
+ [] ? kmem_cache_alloc+0x12e/0x270
+ [] netif_receive_skb_internal+0x3d/0xb0
+ [] ? get_rx_page_info+0x8e/0xa0 [be2net]
+ [] be_poll+0x6ef/0xd00 [be2net]
+ [] ? irq_exit+0x4f/0x100
+ [] net_rx_action+0x149/0x3b0
+
+ ...
+
+This patch is to fix it by linearizing the head skb if it has frag_list
+set in tipc_buf_append(). Note that we choose to do this before calling
+skb_unshare(), as __skb_linearize() will avoid skb_copy(). Also, we can
+not just drop the frag_list either as the early time.
+
+The Linux kernel CVE team has assigned CVE-2021-47162 to this issue.
+
+
+Affected and fixed versions
+===========================
+
+ Issue introduced in 4.3 with commit 45c8b7b175ce and fixed in 4.4.271 with commit b2c8d28c34b3
+ Issue introduced in 4.3 with commit 45c8b7b175ce and fixed in 4.9.271 with commit 5489f30bb78f
+ Issue introduced in 4.3 with commit 45c8b7b175ce and fixed in 4.14.235 with commit 436d650d3743
+ Issue introduced in 4.3 with commit 45c8b7b175ce and fixed in 4.19.193 with commit 4b1761898861
+ Issue introduced in 4.3 with commit 45c8b7b175ce and fixed in 5.4.124 with commit 64d17ec9f1de
+ Issue introduced in 4.3 with commit 45c8b7b175ce and fixed in 5.10.42 with commit 6da24cfc83ba
+ Issue introduced in 4.3 with commit 45c8b7b175ce and fixed in 5.12.9 with commit ace300eecbcc
+ Issue introduced in 4.3 with commit 45c8b7b175ce and fixed in 5.13 with commit b7df21cf1b79
+
+Please see https://www.kernel.org for a full list of currently supported
+kernel versions by the kernel community.
+
+Unaffected versions might change over time as fixes are backported to
+older supported kernel versions. The official CVE entry at
+ https://cve.org/CVERecord/?id=CVE-2021-47162
+will be updated if fixes are backported, please check that for the most
+up to date information about this issue.
+
+
+Affected files
+==============
+
+The file(s) affected by this issue are:
+ net/tipc/msg.c
+
+
+Mitigation
+==========
+
+The Linux kernel CVE team recommends that you update to the latest
+stable kernel version for this, and many other bugfixes. Individual
+changes are never tested alone, but rather are part of a larger kernel
+release. Cherry-picking individual commits is not recommended or
+supported by the Linux kernel community at all. If however, updating to
+the latest release is impossible, the individual changes to resolve this
+issue can be found at these commits:
+ https://git.kernel.org/stable/c/b2c8d28c34b3070407cb1741f9ba3f15d0284b8b
+ https://git.kernel.org/stable/c/5489f30bb78ff0dafb4229a69632afc2ba20765c
+ https://git.kernel.org/stable/c/436d650d374329a591c30339a91fa5078052ed1e
+ https://git.kernel.org/stable/c/4b1761898861117c97066aea6c58f68a7787f0bf
+ https://git.kernel.org/stable/c/64d17ec9f1ded042c4b188d15734f33486ed9966
+ https://git.kernel.org/stable/c/6da24cfc83ba4f97ea44fc7ae9999a006101755c
+ https://git.kernel.org/stable/c/ace300eecbccaa698e2b472843c74a5f33f7dce8
+ https://git.kernel.org/stable/c/b7df21cf1b79ab7026f545e7bf837bd5750ac026
diff --git a/cve/published/2021/CVE-2021-47162.sha1 b/cve/published/2021/CVE-2021-47162.sha1
new file mode 100644
index 00000000..9b290242
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47162.sha1
@@ -0,0 +1 @@
+b7df21cf1b79ab7026f545e7bf837bd5750ac026
diff --git a/cve/reserved/2021/CVE-2021-47163 b/cve/published/2021/CVE-2021-47163
index e69de29b..e69de29b 100644
--- a/cve/reserved/2021/CVE-2021-47163
+++ b/cve/published/2021/CVE-2021-47163
diff --git a/cve/published/2021/CVE-2021-47163.json b/cve/published/2021/CVE-2021-47163.json
new file mode 100644
index 00000000..7c001a15
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47163.json
@@ -0,0 +1,118 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
+ },
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: wait and exit until all work queues are done\n\nOn some host, a crash could be triggered simply by repeating these\ncommands several times:\n\n # modprobe tipc\n # tipc bearer enable media udp name UDP1 localip 127.0.0.1\n # rmmod tipc\n\n [] BUG: unable to handle kernel paging request at ffffffffc096bb00\n [] Workqueue: events 0xffffffffc096bb00\n [] Call Trace:\n [] ? process_one_work+0x1a7/0x360\n [] ? worker_thread+0x30/0x390\n [] ? create_worker+0x1a0/0x1a0\n [] ? kthread+0x116/0x130\n [] ? kthread_flush_work_fn+0x10/0x10\n [] ? ret_from_fork+0x35/0x40\n\nWhen removing the TIPC module, the UDP tunnel sock will be delayed to\nrelease in a work queue as sock_release() can't be done in rtnl_lock().\nIf the work queue is schedule to run after the TIPC module is removed,\nkernel will crash as the work queue function cleanup_beareri() code no\nlonger exists when trying to invoke it.\n\nTo fix it, this patch introduce a member wq_count in tipc_net to track\nthe numbers of work queues in schedule, and wait and exit until all\nwork queues are done in tipc_exit_net()."
+ }
+ ],
+ "affected": [
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "unaffected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "d0f91938bede",
+ "lessThan": "d1f76dfadaf8",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "d0f91938bede",
+ "lessThan": "5195ec5e365a",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "d0f91938bede",
+ "lessThan": "b9f5b7ad4ac3",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "d0f91938bede",
+ "lessThan": "04c26faa51d1",
+ "status": "affected",
+ "versionType": "git"
+ }
+ ]
+ },
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "affected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "4.1",
+ "status": "affected"
+ },
+ {
+ "version": "0",
+ "lessThan": "4.1",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.4.124",
+ "lessThanOrEqual": "5.4.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.10.42",
+ "lessThanOrEqual": "5.10.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.12.9",
+ "lessThanOrEqual": "5.12.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.13",
+ "lessThanOrEqual": "*",
+ "status": "unaffected",
+ "versionType": "original_commit_for_fix"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/d1f76dfadaf8f47ed1753f97dbcbd41c16215ffa"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/5195ec5e365a2a9331bfeb585b613a6e94f98dba"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/b9f5b7ad4ac3af006443f535b1ce7bff1d130d7d"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/04c26faa51d1e2fe71cf13c45791f5174c37f986"
+ }
+ ],
+ "title": "tipc: wait and exit until all work queues are done",
+ "x_generator": {
+ "engine": "bippy-b4257b672505"
+ }
+ }
+ },
+ "cveMetadata": {
+ "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
+ "cveID": "CVE-2021-47163",
+ "requesterUserId": "gregkh@kernel.org",
+ "serial": "1",
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
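Review bot: The description string names `cleanup_beareri()`, which looks like a typo for `cleanup_bearer()` in net/tipc/udp_media.c, one of the affected files listed in the announcement; the same spelling appears in the CVE-2021-47163.mbox hunk. The text appears to be carried over from the upstream commit message, so this may be intentional if verbatim copying is the policy. Even so, anyone searching the source tree for the symbol named in the record will not find it. If corrections are allowed, the phrase would read `the work queue function cleanup_bearer() code no longer exists`.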
diff --git a/cve/published/2021/CVE-2021-47163.mbox b/cve/published/2021/CVE-2021-47163.mbox
new file mode 100644
index 00000000..f2b2a4a2
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47163.mbox
@@ -0,0 +1,95 @@
+From bippy-b4257b672505 Mon Sep 17 00:00:00 2001
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+To: <linux-cve-announce@vger.kernel.org>
+Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
+Subject: CVE-2021-47163: tipc: wait and exit until all work queues are done
+Message-Id: <2024032534-CVE-2021-47163-3ab9@gregkh>
+Content-Length: 2991
+Lines: 78
+X-Developer-Signature: v=1; a=openpgp-sha256; l=3070;
+ i=gregkh@linuxfoundation.org; h=from:subject:message-id;
+ bh=hFpDtmRvOtpqvOlVRGh75xTao9WCgAIx3vkPB7bH4ys=;
+ b=owGbwMvMwCRo6H6F97bub03G02pJDGmMDp9L936dW/xBIXXpm9g/Ajc+rnjeqqYpLxd9wmX14
+ r0aDPkbOmJZGASZGGTFFFm+bOM5ur/ikKKXoe1pmDmsTCBDGLg4BWAiH0UY5vvda0l/ujX05aqG
+ OzcW3FmSE2WpvYBhwelHsX8bGS05mv9+dQ8T2mT4qPzvSgA=
+X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp;
+ fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29
+
+Description
+===========
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+tipc: wait and exit until all work queues are done
+
+On some host, a crash could be triggered simply by repeating these
+commands several times:
+
+ # modprobe tipc
+ # tipc bearer enable media udp name UDP1 localip 127.0.0.1
+ # rmmod tipc
+
+ [] BUG: unable to handle kernel paging request at ffffffffc096bb00
+ [] Workqueue: events 0xffffffffc096bb00
+ [] Call Trace:
+ [] ? process_one_work+0x1a7/0x360
+ [] ? worker_thread+0x30/0x390
+ [] ? create_worker+0x1a0/0x1a0
+ [] ? kthread+0x116/0x130
+ [] ? kthread_flush_work_fn+0x10/0x10
+ [] ? ret_from_fork+0x35/0x40
+
+When removing the TIPC module, the UDP tunnel sock will be delayed to
+release in a work queue as sock_release() can't be done in rtnl_lock().
+If the work queue is schedule to run after the TIPC module is removed,
+kernel will crash as the work queue function cleanup_beareri() code no
+longer exists when trying to invoke it.
+
+To fix it, this patch introduce a member wq_count in tipc_net to track
+the numbers of work queues in schedule, and wait and exit until all
+work queues are done in tipc_exit_net().
+
+The Linux kernel CVE team has assigned CVE-2021-47163 to this issue.
+
+
+Affected and fixed versions
+===========================
+
+ Issue introduced in 4.1 with commit d0f91938bede and fixed in 5.4.124 with commit d1f76dfadaf8
+ Issue introduced in 4.1 with commit d0f91938bede and fixed in 5.10.42 with commit 5195ec5e365a
+ Issue introduced in 4.1 with commit d0f91938bede and fixed in 5.12.9 with commit b9f5b7ad4ac3
+ Issue introduced in 4.1 with commit d0f91938bede and fixed in 5.13 with commit 04c26faa51d1
+
+Please see https://www.kernel.org for a full list of currently supported
+kernel versions by the kernel community.
+
+Unaffected versions might change over time as fixes are backported to
+older supported kernel versions. The official CVE entry at
+ https://cve.org/CVERecord/?id=CVE-2021-47163
+will be updated if fixes are backported, please check that for the most
+up to date information about this issue.
+
+
+Affected files
+==============
+
+The file(s) affected by this issue are:
+ net/tipc/core.c
+ net/tipc/core.h
+ net/tipc/udp_media.c
+
+
+Mitigation
+==========
+
+The Linux kernel CVE team recommends that you update to the latest
+stable kernel version for this, and many other bugfixes. Individual
+changes are never tested alone, but rather are part of a larger kernel
+release. Cherry-picking individual commits is not recommended or
+supported by the Linux kernel community at all. If however, updating to
+the latest release is impossible, the individual changes to resolve this
+issue can be found at these commits:
+ https://git.kernel.org/stable/c/d1f76dfadaf8f47ed1753f97dbcbd41c16215ffa
+ https://git.kernel.org/stable/c/5195ec5e365a2a9331bfeb585b613a6e94f98dba
+ https://git.kernel.org/stable/c/b9f5b7ad4ac3af006443f535b1ce7bff1d130d7d
+ https://git.kernel.org/stable/c/04c26faa51d1e2fe71cf13c45791f5174c37f986
diff --git a/cve/published/2021/CVE-2021-47163.sha1 b/cve/published/2021/CVE-2021-47163.sha1
new file mode 100644
index 00000000..75eac70b
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47163.sha1
@@ -0,0 +1 @@
+04c26faa51d1e2fe71cf13c45791f5174c37f986
diff --git a/cve/reserved/2021/CVE-2021-47164 b/cve/published/2021/CVE-2021-47164
index e69de29b..e69de29b 100644
--- a/cve/reserved/2021/CVE-2021-47164
+++ b/cve/published/2021/CVE-2021-47164
diff --git a/cve/published/2021/CVE-2021-47164.json b/cve/published/2021/CVE-2021-47164.json
new file mode 100644
index 00000000..ae712941
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47164.json
@@ -0,0 +1,103 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
+ },
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix null deref accessing lag dev\n\nIt could be the lag dev is null so stop processing the event.\nIn bond_enslave() the active/backup slave being set before setting the\nupper dev so first event is without an upper dev.\nAfter setting the upper dev with bond_master_upper_dev_link() there is\na second event and in that event we have an upper dev."
+ }
+ ],
+ "affected": [
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "unaffected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "7e51891a237f",
+ "lessThan": "2e4b0b95a489",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "7e51891a237f",
+ "lessThan": "bdfd3593a824",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "7e51891a237f",
+ "lessThan": "83026d83186b",
+ "status": "affected",
+ "versionType": "git"
+ }
+ ]
+ },
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "affected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "5.8",
+ "status": "affected"
+ },
+ {
+ "version": "0",
+ "lessThan": "5.8",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.10.42",
+ "lessThanOrEqual": "5.10.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.12.9",
+ "lessThanOrEqual": "5.12.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.13",
+ "lessThanOrEqual": "*",
+ "status": "unaffected",
+ "versionType": "original_commit_for_fix"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/2e4b0b95a489259f9d35a3db17023061f8f3d587"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/bdfd3593a8248eea6ecfcbf7b47b56b86515672d"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/83026d83186bc48bb41ee4872f339b83f31dfc55"
+ }
+ ],
+ "title": "net/mlx5e: Fix null deref accessing lag dev",
+ "x_generator": {
+ "engine": "bippy-b4257b672505"
+ }
+ }
+ },
+ "cveMetadata": {
+ "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
+ "cveID": "CVE-2021-47164",
+ "requesterUserId": "gregkh@kernel.org",
+ "serial": "1",
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
diff --git a/cve/published/2021/CVE-2021-47164.mbox b/cve/published/2021/CVE-2021-47164.mbox
new file mode 100644
index 00000000..5f72a0ab
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47164.mbox
@@ -0,0 +1,70 @@
+From bippy-b4257b672505 Mon Sep 17 00:00:00 2001
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+To: <linux-cve-announce@vger.kernel.org>
+Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
+Subject: CVE-2021-47164: net/mlx5e: Fix null deref accessing lag dev
+Message-Id: <2024032535-CVE-2021-47164-0581@gregkh>
+Content-Length: 2096
+Lines: 53
+X-Developer-Signature: v=1; a=openpgp-sha256; l=2150;
+ i=gregkh@linuxfoundation.org; h=from:subject:message-id;
+ bh=+UUy18T2j6zLqwjWEIPzEBa6oRLVe1xkED0wCB1/f04=;
+ b=owGbwMvMwCRo6H6F97bub03G02pJDGmMDp+nrSvSEb8YK772bX1Lp4RDaISxyoT9nAI7Z8Vsm
+ PvXVT2kI5aFQZCJQVZMkeXLNp6j+ysOKXoZ2p6GmcPKBDKEgYtTACZyIpBhvrd64gPDNTNsRNll
+ Nv8M+ml39ugFN4b5OdwyS9M3+DRn8i37eU/2Stg1n++PAA==
+X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp;
+ fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29
+
+Description
+===========
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+net/mlx5e: Fix null deref accessing lag dev
+
+It could be the lag dev is null so stop processing the event.
+In bond_enslave() the active/backup slave being set before setting the
+upper dev so first event is without an upper dev.
+After setting the upper dev with bond_master_upper_dev_link() there is
+a second event and in that event we have an upper dev.
+
+The Linux kernel CVE team has assigned CVE-2021-47164 to this issue.
+
+
+Affected and fixed versions
+===========================
+
+ Issue introduced in 5.8 with commit 7e51891a237f and fixed in 5.10.42 with commit 2e4b0b95a489
+ Issue introduced in 5.8 with commit 7e51891a237f and fixed in 5.12.9 with commit bdfd3593a824
+ Issue introduced in 5.8 with commit 7e51891a237f and fixed in 5.13 with commit 83026d83186b
+
+Please see https://www.kernel.org for a full list of currently supported
+kernel versions by the kernel community.
+
+Unaffected versions might change over time as fixes are backported to
+older supported kernel versions. The official CVE entry at
+ https://cve.org/CVERecord/?id=CVE-2021-47164
+will be updated if fixes are backported, please check that for the most
+up to date information about this issue.
+
+
+Affected files
+==============
+
+The file(s) affected by this issue are:
+ drivers/net/ethernet/mellanox/mlx5/core/en/rep/bond.c
+
+
+Mitigation
+==========
+
+The Linux kernel CVE team recommends that you update to the latest
+stable kernel version for this, and many other bugfixes. Individual
+changes are never tested alone, but rather are part of a larger kernel
+release. Cherry-picking individual commits is not recommended or
+supported by the Linux kernel community at all. If however, updating to
+the latest release is impossible, the individual changes to resolve this
+issue can be found at these commits:
+ https://git.kernel.org/stable/c/2e4b0b95a489259f9d35a3db17023061f8f3d587
+ https://git.kernel.org/stable/c/bdfd3593a8248eea6ecfcbf7b47b56b86515672d
+ https://git.kernel.org/stable/c/83026d83186bc48bb41ee4872f339b83f31dfc55
diff --git a/cve/published/2021/CVE-2021-47164.sha1 b/cve/published/2021/CVE-2021-47164.sha1
new file mode 100644
index 00000000..bfbf921f
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47164.sha1
@@ -0,0 +1 @@
+83026d83186bc48bb41ee4872f339b83f31dfc55
diff --git a/cve/reserved/2021/CVE-2021-47165 b/cve/published/2021/CVE-2021-47165
index e69de29b..e69de29b 100644
--- a/cve/reserved/2021/CVE-2021-47165
+++ b/cve/published/2021/CVE-2021-47165
diff --git a/cve/published/2021/CVE-2021-47165.json b/cve/published/2021/CVE-2021-47165.json
new file mode 100644
index 00000000..67e715e1
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47165.json
@@ -0,0 +1,138 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
+ },
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/meson: fix shutdown crash when component not probed\n\nWhen main component is not probed, by example when the dw-hdmi module is\nnot loaded yet or in probe defer, the following crash appears on shutdown:\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000038\n...\npc : meson_drv_shutdown+0x24/0x50\nlr : platform_drv_shutdown+0x20/0x30\n...\nCall trace:\nmeson_drv_shutdown+0x24/0x50\nplatform_drv_shutdown+0x20/0x30\ndevice_shutdown+0x158/0x360\nkernel_restart_prepare+0x38/0x48\nkernel_restart+0x18/0x68\n__do_sys_reboot+0x224/0x250\n__arm64_sys_reboot+0x24/0x30\n...\n\nSimply check if the priv struct has been allocated before using it."
+ }
+ ],
+ "affected": [
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "unaffected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "8a5160cc8488",
+ "lessThan": "b4298d33c1fc",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "8fbbf2b38494",
+ "lessThan": "e256a0eb43e1",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "d2100ef32a8c",
+ "lessThan": "4ce2bf20b4a6",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "d4ec1ffbdaa8",
+ "lessThan": "d66083c0d6f5",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "fa0c16caf3d7",
+ "lessThan": "b4b91033a0b1",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "fa0c16caf3d7",
+ "lessThan": "7cfc4ea78fc1",
+ "status": "affected",
+ "versionType": "git"
+ }
+ ]
+ },
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "affected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "4.14.235",
+ "lessThanOrEqual": "4.14.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "4.19.193",
+ "lessThanOrEqual": "4.19.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.4.124",
+ "lessThanOrEqual": "5.4.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.10.42",
+ "lessThanOrEqual": "5.10.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.12.9",
+ "lessThanOrEqual": "5.12.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.13",
+ "lessThanOrEqual": "*",
+ "status": "unaffected",
+ "versionType": "original_commit_for_fix"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/b4298d33c1fcce511ffe84d8d3de07e220300f9b"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/e256a0eb43e17209e347409a80805b1659398d68"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/4ce2bf20b4a6e307e114847d60b2bf40a6a1fac0"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/d66083c0d6f5125a4d982aa177dd71ab4cd3d212"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/b4b91033a0b11fe9ade58156cd9168f89f4a8c1a"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/7cfc4ea78fc103ea51ecbacd9236abb5b1c490d2"
+ }
+ ],
+ "title": "drm/meson: fix shutdown crash when component not probed",
+ "x_generator": {
+ "engine": "bippy-b4257b672505"
+ }
+ }
+ },
+ "cveMetadata": {
+ "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
+ "cveID": "CVE-2021-47165",
+ "requesterUserId": "gregkh@kernel.org",
+ "serial": "1",
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
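Review bot: The release-version block of this record (the second `affected` entry, with `"defaultStatus": "affected"`) lists only the fixed releases as `unaffected` and gives no lower bound, so every release outside those ranges reads as affected. The mbox in this same commit says the issue entered each branch through a backport (4.14.226, 4.19.181, 5.4.106, 5.10.24, 5.12), so 4.14.225 and earlier would be flagged by a scanner that matches on these ranges, as presumably would branches that never took the backport. CVE-2021-47166.json in this commit does carry a lower bound (`"version": "0", "lessThan": "4.0", "status": "unaffected"`); here the equivalent would be one bounded range per branch, e.g. `{"version": "4.14.226", "lessThan": "4.14.235", "status": "affected", "versionType": "custom"}`, under `"defaultStatus": "unaffected"`. The file is generated by bippy, so the change likely belongs in the generator rather than in this file.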
diff --git a/cve/published/2021/CVE-2021-47165.mbox b/cve/published/2021/CVE-2021-47165.mbox
new file mode 100644
index 00000000..9c6dd05a
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47165.mbox
@@ -0,0 +1,90 @@
+From bippy-b4257b672505 Mon Sep 17 00:00:00 2001
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+To: <linux-cve-announce@vger.kernel.org>
+Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
+Subject: CVE-2021-47165: drm/meson: fix shutdown crash when component not probed
+Message-Id: <2024032535-CVE-2021-47165-95d9@gregkh>
+Content-Length: 2913
+Lines: 73
+X-Developer-Signature: v=1; a=openpgp-sha256; l=2987;
+ i=gregkh@linuxfoundation.org; h=from:subject:message-id;
+ bh=v7PRApWrCmEa5Qt7DRUzT/yGkhyBevvmXaRk77RvvLg=;
+ b=owGbwMvMwCRo6H6F97bub03G02pJDGmMDp8NGY+e2ZxY4MUtf4rrzk631nMZqrs97MuYExruT
+ +FgWrW2I5aFQZCJQVZMkeXLNp6j+ysOKXoZ2p6GmcPKBDKEgYtTACayzY9hnqnM0Vktr2b2KD54
+ NCuu7lpEqcOClQwLtmT8U/ryVsLwtkibnExFu/Os2j8fAA==
+X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp;
+ fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29
+
+Description
+===========
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+drm/meson: fix shutdown crash when component not probed
+
+When main component is not probed, by example when the dw-hdmi module is
+not loaded yet or in probe defer, the following crash appears on shutdown:
+
+Unable to handle kernel NULL pointer dereference at virtual address 0000000000000038
+...
+pc : meson_drv_shutdown+0x24/0x50
+lr : platform_drv_shutdown+0x20/0x30
+...
+Call trace:
+meson_drv_shutdown+0x24/0x50
+platform_drv_shutdown+0x20/0x30
+device_shutdown+0x158/0x360
+kernel_restart_prepare+0x38/0x48
+kernel_restart+0x18/0x68
+__do_sys_reboot+0x224/0x250
+__arm64_sys_reboot+0x24/0x30
+...
+
+Simply check if the priv struct has been allocated before using it.
+
+The Linux kernel CVE team has assigned CVE-2021-47165 to this issue.
+
+
+Affected and fixed versions
+===========================
+
+ Issue introduced in 4.14.226 with commit 8a5160cc8488 and fixed in 4.14.235 with commit b4298d33c1fc
+ Issue introduced in 4.19.181 with commit 8fbbf2b38494 and fixed in 4.19.193 with commit e256a0eb43e1
+ Issue introduced in 5.4.106 with commit d2100ef32a8c and fixed in 5.4.124 with commit 4ce2bf20b4a6
+ Issue introduced in 5.10.24 with commit d4ec1ffbdaa8 and fixed in 5.10.42 with commit d66083c0d6f5
+ Issue introduced in 5.12 with commit fa0c16caf3d7 and fixed in 5.12.9 with commit b4b91033a0b1
+ Issue introduced in 5.12 with commit fa0c16caf3d7 and fixed in 5.13 with commit 7cfc4ea78fc1
+
+Please see https://www.kernel.org for a full list of currently supported
+kernel versions by the kernel community.
+
+Unaffected versions might change over time as fixes are backported to
+older supported kernel versions. The official CVE entry at
+ https://cve.org/CVERecord/?id=CVE-2021-47165
+will be updated if fixes are backported, please check that for the most
+up to date information about this issue.
+
+
+Affected files
+==============
+
+The file(s) affected by this issue are:
+ drivers/gpu/drm/meson/meson_drv.c
+
+
+Mitigation
+==========
+
+The Linux kernel CVE team recommends that you update to the latest
+stable kernel version for this, and many other bugfixes. Individual
+changes are never tested alone, but rather are part of a larger kernel
+release. Cherry-picking individual commits is not recommended or
+supported by the Linux kernel community at all. If however, updating to
+the latest release is impossible, the individual changes to resolve this
+issue can be found at these commits:
+ https://git.kernel.org/stable/c/b4298d33c1fcce511ffe84d8d3de07e220300f9b
+ https://git.kernel.org/stable/c/e256a0eb43e17209e347409a80805b1659398d68
+ https://git.kernel.org/stable/c/4ce2bf20b4a6e307e114847d60b2bf40a6a1fac0
+ https://git.kernel.org/stable/c/d66083c0d6f5125a4d982aa177dd71ab4cd3d212
+ https://git.kernel.org/stable/c/b4b91033a0b11fe9ade58156cd9168f89f4a8c1a
+ https://git.kernel.org/stable/c/7cfc4ea78fc103ea51ecbacd9236abb5b1c490d2
diff --git a/cve/published/2021/CVE-2021-47165.sha1 b/cve/published/2021/CVE-2021-47165.sha1
new file mode 100644
index 00000000..9d477591
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47165.sha1
@@ -0,0 +1 @@
+7cfc4ea78fc103ea51ecbacd9236abb5b1c490d2
diff --git a/cve/reserved/2021/CVE-2021-47166 b/cve/published/2021/CVE-2021-47166
index e69de29b..e69de29b 100644
--- a/cve/reserved/2021/CVE-2021-47166
+++ b/cve/published/2021/CVE-2021-47166
diff --git a/cve/published/2021/CVE-2021-47166.json b/cve/published/2021/CVE-2021-47166.json
new file mode 100644
index 00000000..1c94f343
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47166.json
@@ -0,0 +1,178 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
+ },
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce()\n\nThe value of mirror->pg_bytes_written should only be updated after a\nsuccessful attempt to flush out the requests on the list."
+ }
+ ],
+ "affected": [
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "unaffected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "a7d42ddb3099",
+ "lessThan": "e8b8418ce14a",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "a7d42ddb3099",
+ "lessThan": "b291baae24f8",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "a7d42ddb3099",
+ "lessThan": "c757c1f1e65d",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "a7d42ddb3099",
+ "lessThan": "40f139a6d50c",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "a7d42ddb3099",
+ "lessThan": "785917316b25",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "a7d42ddb3099",
+ "lessThan": "7087db95c0a0",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "a7d42ddb3099",
+ "lessThan": "2fe1cac336b5",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "a7d42ddb3099",
+ "lessThan": "0d0ea309357d",
+ "status": "affected",
+ "versionType": "git"
+ }
+ ]
+ },
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "affected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "4.0",
+ "status": "affected"
+ },
+ {
+ "version": "0",
+ "lessThan": "4.0",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "4.4.271",
+ "lessThanOrEqual": "4.4.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "4.9.271",
+ "lessThanOrEqual": "4.9.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "4.14.235",
+ "lessThanOrEqual": "4.14.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "4.19.193",
+ "lessThanOrEqual": "4.19.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.4.124",
+ "lessThanOrEqual": "5.4.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.10.42",
+ "lessThanOrEqual": "5.10.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.12.9",
+ "lessThanOrEqual": "5.12.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.13",
+ "lessThanOrEqual": "*",
+ "status": "unaffected",
+ "versionType": "original_commit_for_fix"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/e8b8418ce14ae66ee55179901edd12191ab06a9e"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/b291baae24f876acd5a5dd57d0bb2bbac8a68b0c"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/c757c1f1e65d89429db1409429436cf40d47c008"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/40f139a6d50c232c0d1fd1c5e65a845c62db0ede"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/785917316b25685c9b3a2a88f933139f2de75e33"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/7087db95c0a06ab201b8ebfac6a7ec1e34257997"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/2fe1cac336b55a1f79e603e9ce3552c3623e90eb"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/0d0ea309357dea0d85a82815f02157eb7fcda39f"
+ }
+ ],
+ "title": "NFS: Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce()",
+ "x_generator": {
+ "engine": "bippy-b4257b672505"
+ }
+ }
+ },
+ "cveMetadata": {
+ "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
+ "cveID": "CVE-2021-47166",
+ "requesterUserId": "gregkh@kernel.org",
+ "serial": "1",
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
diff --git a/cve/published/2021/CVE-2021-47166.mbox b/cve/published/2021/CVE-2021-47166.mbox
new file mode 100644
index 00000000..60dbc594
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47166.mbox
@@ -0,0 +1,77 @@
+From bippy-b4257b672505 Mon Sep 17 00:00:00 2001
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+To: <linux-cve-announce@vger.kernel.org>
+Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
+Subject: CVE-2021-47166: NFS: Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce()
+Message-Id: <2024032535-CVE-2021-47166-6ab7@gregkh>
+Content-Length: 2758
+Lines: 60
+X-Developer-Signature: v=1; a=openpgp-sha256; l=2819;
+ i=gregkh@linuxfoundation.org; h=from:subject:message-id;
+ bh=nuFl2MV2dlzF8yKOUpaB8bniHZ0cKu/Y8Zz8B0hfozE=;
+ b=owGbwMvMwCRo6H6F97bub03G02pJDGmMDp+36ScfVDA746Ai2/JV8f/bTtZP91YlLjPNFcpac
+ 6Z5pvXTjlgWBkEmBlkxRZYv23iO7q84pOhlaHsaZg4rE8gQBi5OAZiIRCLD/OhnJuZx+79GBYSk
+ cn/qavsRNLe7jmF+VNDMHSJZ8TvYdwWFMdd8+9x3YcIqAA==
+X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp;
+ fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29
+
+Description
+===========
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+NFS: Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce()
+
+The value of mirror->pg_bytes_written should only be updated after a
+successful attempt to flush out the requests on the list.
+
+The Linux kernel CVE team has assigned CVE-2021-47166 to this issue.
+
+
+Affected and fixed versions
+===========================
+
+ Issue introduced in 4.0 with commit a7d42ddb3099 and fixed in 4.4.271 with commit e8b8418ce14a
+ Issue introduced in 4.0 with commit a7d42ddb3099 and fixed in 4.9.271 with commit b291baae24f8
+ Issue introduced in 4.0 with commit a7d42ddb3099 and fixed in 4.14.235 with commit c757c1f1e65d
+ Issue introduced in 4.0 with commit a7d42ddb3099 and fixed in 4.19.193 with commit 40f139a6d50c
+ Issue introduced in 4.0 with commit a7d42ddb3099 and fixed in 5.4.124 with commit 785917316b25
+ Issue introduced in 4.0 with commit a7d42ddb3099 and fixed in 5.10.42 with commit 7087db95c0a0
+ Issue introduced in 4.0 with commit a7d42ddb3099 and fixed in 5.12.9 with commit 2fe1cac336b5
+ Issue introduced in 4.0 with commit a7d42ddb3099 and fixed in 5.13 with commit 0d0ea309357d
+
+Please see https://www.kernel.org for a full list of currently supported
+kernel versions by the kernel community.
+
+Unaffected versions might change over time as fixes are backported to
+older supported kernel versions. The official CVE entry at
+ https://cve.org/CVERecord/?id=CVE-2021-47166
+will be updated if fixes are backported, please check that for the most
+up to date information about this issue.
+
+
+Affected files
+==============
+
+The file(s) affected by this issue are:
+ fs/nfs/pagelist.c
+
+
+Mitigation
+==========
+
+The Linux kernel CVE team recommends that you update to the latest
+stable kernel version for this, and many other bugfixes. Individual
+changes are never tested alone, but rather are part of a larger kernel
+release. Cherry-picking individual commits is not recommended or
+supported by the Linux kernel community at all. If however, updating to
+the latest release is impossible, the individual changes to resolve this
+issue can be found at these commits:
+ https://git.kernel.org/stable/c/e8b8418ce14ae66ee55179901edd12191ab06a9e
+ https://git.kernel.org/stable/c/b291baae24f876acd5a5dd57d0bb2bbac8a68b0c
+ https://git.kernel.org/stable/c/c757c1f1e65d89429db1409429436cf40d47c008
+ https://git.kernel.org/stable/c/40f139a6d50c232c0d1fd1c5e65a845c62db0ede
+ https://git.kernel.org/stable/c/785917316b25685c9b3a2a88f933139f2de75e33
+ https://git.kernel.org/stable/c/7087db95c0a06ab201b8ebfac6a7ec1e34257997
+ https://git.kernel.org/stable/c/2fe1cac336b55a1f79e603e9ce3552c3623e90eb
+ https://git.kernel.org/stable/c/0d0ea309357dea0d85a82815f02157eb7fcda39f
diff --git a/cve/published/2021/CVE-2021-47166.sha1 b/cve/published/2021/CVE-2021-47166.sha1
new file mode 100644
index 00000000..1152326e
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47166.sha1
@@ -0,0 +1 @@
+0d0ea309357dea0d85a82815f02157eb7fcda39f
diff --git a/cve/reserved/2021/CVE-2021-47167 b/cve/published/2021/CVE-2021-47167
index e69de29b..e69de29b 100644
--- a/cve/reserved/2021/CVE-2021-47167
+++ b/cve/published/2021/CVE-2021-47167
diff --git a/cve/published/2021/CVE-2021-47167.json b/cve/published/2021/CVE-2021-47167.json
new file mode 100644
index 00000000..532e1fb3
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47167.json
@@ -0,0 +1,118 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
+ },
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: Fix an Oopsable condition in __nfs_pageio_add_request()\n\nEnsure that nfs_pageio_error_cleanup() resets the mirror array contents,\nso that the structure reflects the fact that it is now empty.\nAlso change the test in nfs_pageio_do_add_request() to be more robust by\nchecking whether or not the list is empty rather than relying on the\nvalue of pg_count."
+ }
+ ],
+ "affected": [
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "unaffected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "a7d42ddb3099",
+ "lessThan": "1fc5f4eb9d31",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "a7d42ddb3099",
+ "lessThan": "ee21cd3aa854",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "a7d42ddb3099",
+ "lessThan": "15ac6f147876",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "a7d42ddb3099",
+ "lessThan": "56517ab958b7",
+ "status": "affected",
+ "versionType": "git"
+ }
+ ]
+ },
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "affected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "4.0",
+ "status": "affected"
+ },
+ {
+ "version": "0",
+ "lessThan": "4.0",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.4.124",
+ "lessThanOrEqual": "5.4.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.10.42",
+ "lessThanOrEqual": "5.10.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.12.9",
+ "lessThanOrEqual": "5.12.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.13",
+ "lessThanOrEqual": "*",
+ "status": "unaffected",
+ "versionType": "original_commit_for_fix"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/1fc5f4eb9d31268ac3ce152d74ad5501ad24ca3e"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/ee21cd3aa8548e0cbc8c67a80b62113aedd2d101"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/15ac6f14787649e8ebd75c142e2c5d2a243c8490"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/56517ab958b7c11030e626250c00b9b1a24b41eb"
+ }
+ ],
+ "title": "NFS: Fix an Oopsable condition in __nfs_pageio_add_request()",
+ "x_generator": {
+ "engine": "bippy-b4257b672505"
+ }
+ }
+ },
+ "cveMetadata": {
+ "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
+ "cveID": "CVE-2021-47167",
+ "requesterUserId": "gregkh@kernel.org",
+ "serial": "1",
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
diff --git a/cve/published/2021/CVE-2021-47167.mbox b/cve/published/2021/CVE-2021-47167.mbox
new file mode 100644
index 00000000..47dea6cc
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47167.mbox
@@ -0,0 +1,72 @@
+From bippy-b4257b672505 Mon Sep 17 00:00:00 2001
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+To: <linux-cve-announce@vger.kernel.org>
+Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
+Subject: CVE-2021-47167: NFS: Fix an Oopsable condition in __nfs_pageio_add_request()
+Message-Id: <2024032535-CVE-2021-47167-c68c@gregkh>
+Content-Length: 2234
+Lines: 55
+X-Developer-Signature: v=1; a=openpgp-sha256; l=2290;
+ i=gregkh@linuxfoundation.org; h=from:subject:message-id;
+ bh=PnqneVCEo66rhY1SAql2aCcBw49tkyXvdYAhNZEZEvY=;
+ b=owGbwMvMwCRo6H6F97bub03G02pJDGmMDl/+LQjNjGv9U/mmaXt01rwT5acNd3cwZ+UmTd8+t
+ zbQPb6+I5aFQZCJQVZMkeXLNp6j+ysOKXoZ2p6GmcPKBDKEgYtTACbyOpZhwQLW1CeNx49kfkic
+ sMkvMOlmzTm3SwyzWVOd47fvZ3y2dsKcPU9DV/DlXeVXAAA=
+X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp;
+ fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29
+
+Description
+===========
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+NFS: Fix an Oopsable condition in __nfs_pageio_add_request()
+
+Ensure that nfs_pageio_error_cleanup() resets the mirror array contents,
+so that the structure reflects the fact that it is now empty.
+Also change the test in nfs_pageio_do_add_request() to be more robust by
+checking whether or not the list is empty rather than relying on the
+value of pg_count.
+
+The Linux kernel CVE team has assigned CVE-2021-47167 to this issue.
+
+
+Affected and fixed versions
+===========================
+
+ Issue introduced in 4.0 with commit a7d42ddb3099 and fixed in 5.4.124 with commit 1fc5f4eb9d31
+ Issue introduced in 4.0 with commit a7d42ddb3099 and fixed in 5.10.42 with commit ee21cd3aa854
+ Issue introduced in 4.0 with commit a7d42ddb3099 and fixed in 5.12.9 with commit 15ac6f147876
+ Issue introduced in 4.0 with commit a7d42ddb3099 and fixed in 5.13 with commit 56517ab958b7
+
+Please see https://www.kernel.org for a full list of currently supported
+kernel versions by the kernel community.
+
+Unaffected versions might change over time as fixes are backported to
+older supported kernel versions. The official CVE entry at
+ https://cve.org/CVERecord/?id=CVE-2021-47167
+will be updated if fixes are backported, please check that for the most
+up to date information about this issue.
+
+
+Affected files
+==============
+
+The file(s) affected by this issue are:
+ fs/nfs/pagelist.c
+
+
+Mitigation
+==========
+
+The Linux kernel CVE team recommends that you update to the latest
+stable kernel version for this, and many other bugfixes. Individual
+changes are never tested alone, but rather are part of a larger kernel
+release. Cherry-picking individual commits is not recommended or
+supported by the Linux kernel community at all. If however, updating to
+the latest release is impossible, the individual changes to resolve this
+issue can be found at these commits:
+ https://git.kernel.org/stable/c/1fc5f4eb9d31268ac3ce152d74ad5501ad24ca3e
+ https://git.kernel.org/stable/c/ee21cd3aa8548e0cbc8c67a80b62113aedd2d101
+ https://git.kernel.org/stable/c/15ac6f14787649e8ebd75c142e2c5d2a243c8490
+ https://git.kernel.org/stable/c/56517ab958b7c11030e626250c00b9b1a24b41eb
diff --git a/cve/published/2021/CVE-2021-47167.sha1 b/cve/published/2021/CVE-2021-47167.sha1
new file mode 100644
index 00000000..e25c161d
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47167.sha1
@@ -0,0 +1 @@
+56517ab958b7c11030e626250c00b9b1a24b41eb
diff --git a/cve/reserved/2021/CVE-2021-47168 b/cve/published/2021/CVE-2021-47168
index e69de29b..e69de29b 100644
--- a/cve/reserved/2021/CVE-2021-47168
+++ b/cve/published/2021/CVE-2021-47168
diff --git a/cve/published/2021/CVE-2021-47168.json b/cve/published/2021/CVE-2021-47168.json
new file mode 100644
index 00000000..a801a3ec
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47168.json
@@ -0,0 +1,178 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
+ },
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: fix an incorrect limit in filelayout_decode_layout()\n\nThe \"sizeof(struct nfs_fh)\" is two bytes too large and could lead to\nmemory corruption. It should be NFS_MAXFHSIZE because that's the size\nof the ->data[] buffer.\n\nI reversed the size of the arguments to put the variable on the left."
+ }
+ ],
+ "affected": [
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "unaffected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "16b374ca439f",
+ "lessThan": "9d280ab53df1",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "16b374ca439f",
+ "lessThan": "b287521e9e94",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "16b374ca439f",
+ "lessThan": "f299522eda15",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "16b374ca439f",
+ "lessThan": "945ebef99722",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "16b374ca439f",
+ "lessThan": "e411df81cd86",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "16b374ca439f",
+ "lessThan": "9b367fe770b1",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "16b374ca439f",
+ "lessThan": "d34fb628f6ef",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "16b374ca439f",
+ "lessThan": "769b01ea68b6",
+ "status": "affected",
+ "versionType": "git"
+ }
+ ]
+ },
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "affected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "2.6.37",
+ "status": "affected"
+ },
+ {
+ "version": "0",
+ "lessThan": "2.6.37",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "4.4.271",
+ "lessThanOrEqual": "4.4.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "4.9.271",
+ "lessThanOrEqual": "4.9.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "4.14.235",
+ "lessThanOrEqual": "4.14.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "4.19.193",
+ "lessThanOrEqual": "4.19.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.4.124",
+ "lessThanOrEqual": "5.4.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.10.42",
+ "lessThanOrEqual": "5.10.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.12.9",
+ "lessThanOrEqual": "5.12.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.13",
+ "lessThanOrEqual": "*",
+ "status": "unaffected",
+ "versionType": "original_commit_for_fix"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/9d280ab53df1d4a1043bd7a9e7c6a2f9cfbfe040"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/b287521e9e94bb342ebe5fd8c3fd7db9aef4e6f1"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/f299522eda1566cbfbae4b15c82970fc41b03714"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/945ebef997227ca8c20bad7f8a8358c8ee57a84a"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/e411df81cd862ef3d5b878120b2a2fef0ca9cdb1"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/9b367fe770b1b80d7bf64ed0d177544a44405f6e"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/d34fb628f6ef522f996205a9e578216bbee09e84"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/769b01ea68b6c49dc3cde6adf7e53927dacbd3a8"
+ }
+ ],
+ "title": "NFS: fix an incorrect limit in filelayout_decode_layout()",
+ "x_generator": {
+ "engine": "bippy-b4257b672505"
+ }
+ }
+ },
+ "cveMetadata": {
+ "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
+ "cveID": "CVE-2021-47168",
+ "requesterUserId": "gregkh@kernel.org",
+ "serial": "1",
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
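Review bot: The description calls this memory corruption but the record carries no `problemTypes` entry, and its last sentence ("I reversed the size of the arguments ...") is commit-message narration that tells a consumer nothing about the flaw. From the text, the bound used was `sizeof(struct nfs_fh)`, two bytes larger than the `->data[]` buffer it guards, which reads as an out-of-bounds write of up to two bytes; if that is right, a `problemTypes` description with `"cweId": "CWE-787"` would let triage tools classify it. What supplies the size is not stated here; the function name suggests a decoded pNFS layout, which would make the NFS server the source, and that is worth confirming and stating in the description. The same missing classification applies to the other JSON records in this commit.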
diff --git a/cve/published/2021/CVE-2021-47168.mbox b/cve/published/2021/CVE-2021-47168.mbox
new file mode 100644
index 00000000..e35847e2
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47168.mbox
@@ -0,0 +1,80 @@
+From bippy-b4257b672505 Mon Sep 17 00:00:00 2001
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+To: <linux-cve-announce@vger.kernel.org>
+Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
+Subject: CVE-2021-47168: NFS: fix an incorrect limit in filelayout_decode_layout()
+Message-Id: <2024032536-CVE-2021-47168-2916@gregkh>
+Content-Length: 2889
+Lines: 63
+X-Developer-Signature: v=1; a=openpgp-sha256; l=2953;
+ i=gregkh@linuxfoundation.org; h=from:subject:message-id;
+ bh=D6jU9GtS7/EASJrZo+KYAbTtw6nInDj5etJgkHpwOFs=;
+ b=owGbwMvMwCRo6H6F97bub03G02pJDGmMDl88Ht22mGDVuf9sH+eWZ+9nyibYMCj5MYdNemsx+
+ XH61EXvO2JZGASZGGTFFFm+bOM5ur/ikKKXoe1pmDmsTCBDGLg4BWAiBx8xzOGU3RAovWLxvRkX
+ wyrZo8uyTJ0bBRjmByRf6ZZ7VF3C+sxz6qQjc5YWZl+bDQA=
+X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp;
+ fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29
+
+Description
+===========
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+NFS: fix an incorrect limit in filelayout_decode_layout()
+
+The "sizeof(struct nfs_fh)" is two bytes too large and could lead to
+memory corruption. It should be NFS_MAXFHSIZE because that's the size
+of the ->data[] buffer.
+
+I reversed the size of the arguments to put the variable on the left.
+
+The Linux kernel CVE team has assigned CVE-2021-47168 to this issue.
+
+
+Affected and fixed versions
+===========================
+
+ Issue introduced in 2.6.37 with commit 16b374ca439f and fixed in 4.4.271 with commit 9d280ab53df1
+ Issue introduced in 2.6.37 with commit 16b374ca439f and fixed in 4.9.271 with commit b287521e9e94
+ Issue introduced in 2.6.37 with commit 16b374ca439f and fixed in 4.14.235 with commit f299522eda15
+ Issue introduced in 2.6.37 with commit 16b374ca439f and fixed in 4.19.193 with commit 945ebef99722
+ Issue introduced in 2.6.37 with commit 16b374ca439f and fixed in 5.4.124 with commit e411df81cd86
+ Issue introduced in 2.6.37 with commit 16b374ca439f and fixed in 5.10.42 with commit 9b367fe770b1
+ Issue introduced in 2.6.37 with commit 16b374ca439f and fixed in 5.12.9 with commit d34fb628f6ef
+ Issue introduced in 2.6.37 with commit 16b374ca439f and fixed in 5.13 with commit 769b01ea68b6
+
+Please see https://www.kernel.org for a full list of currently supported
+kernel versions by the kernel community.
+
+Unaffected versions might change over time as fixes are backported to
+older supported kernel versions. The official CVE entry at
+ https://cve.org/CVERecord/?id=CVE-2021-47168
+will be updated if fixes are backported, please check that for the most
+up to date information about this issue.
+
+
+Affected files
+==============
+
+The file(s) affected by this issue are:
+ fs/nfs/filelayout/filelayout.c
+
+
+Mitigation
+==========
+
+The Linux kernel CVE team recommends that you update to the latest
+stable kernel version for this, and many other bugfixes. Individual
+changes are never tested alone, but rather are part of a larger kernel
+release. Cherry-picking individual commits is not recommended or
+supported by the Linux kernel community at all. If however, updating to
+the latest release is impossible, the individual changes to resolve this
+issue can be found at these commits:
+ https://git.kernel.org/stable/c/9d280ab53df1d4a1043bd7a9e7c6a2f9cfbfe040
+ https://git.kernel.org/stable/c/b287521e9e94bb342ebe5fd8c3fd7db9aef4e6f1
+ https://git.kernel.org/stable/c/f299522eda1566cbfbae4b15c82970fc41b03714
+ https://git.kernel.org/stable/c/945ebef997227ca8c20bad7f8a8358c8ee57a84a
+ https://git.kernel.org/stable/c/e411df81cd862ef3d5b878120b2a2fef0ca9cdb1
+ https://git.kernel.org/stable/c/9b367fe770b1b80d7bf64ed0d177544a44405f6e
+ https://git.kernel.org/stable/c/d34fb628f6ef522f996205a9e578216bbee09e84
+ https://git.kernel.org/stable/c/769b01ea68b6c49dc3cde6adf7e53927dacbd3a8
diff --git a/cve/published/2021/CVE-2021-47168.sha1 b/cve/published/2021/CVE-2021-47168.sha1
new file mode 100644
index 00000000..9df41f87
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47168.sha1
@@ -0,0 +1 @@
+769b01ea68b6c49dc3cde6adf7e53927dacbd3a8
diff --git a/cve/reserved/2021/CVE-2021-47169 b/cve/published/2021/CVE-2021-47169
index e69de29b..e69de29b 100644
--- a/cve/reserved/2021/CVE-2021-47169
+++ b/cve/published/2021/CVE-2021-47169
diff --git a/cve/published/2021/CVE-2021-47169.json b/cve/published/2021/CVE-2021-47169.json
new file mode 100644
index 00000000..7d52cbd8
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47169.json
@@ -0,0 +1,168 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
+ },
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: rp2: use 'request_firmware' instead of 'request_firmware_nowait'\n\nIn 'rp2_probe', the driver registers 'rp2_uart_interrupt' then calls\n'rp2_fw_cb' through 'request_firmware_nowait'. In 'rp2_fw_cb', if the\nfirmware don't exists, function just return without initializing ports\nof 'rp2_card'. But now the interrupt handler function has been\nregistered, and when an interrupt comes, 'rp2_uart_interrupt' may access\nthose ports then causing NULL pointer dereference or other bugs.\n\nBecause the driver does some initialization work in 'rp2_fw_cb', in\norder to make the driver ready to handle interrupts, 'request_firmware'\nshould be used instead of asynchronous 'request_firmware_nowait'.\n\nThis report reveals it:\n\nINFO: trying to register non-static key.\nthe code is fine but needs lockdep annotation.\nturning off the locking correctness validator.\nCPU: 2 PID: 0 Comm: swapper/2 Not tainted 4.19.177-gdba4159c14ef-dirty #45\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-\ngc9ba5276e321-prebuilt.qemu.org 04/01/2014\nCall Trace:\n <IRQ>\n __dump_stack lib/dump_stack.c:77 [inline]\n dump_stack+0xec/0x156 lib/dump_stack.c:118\n assign_lock_key kernel/locking/lockdep.c:727 [inline]\n register_lock_class+0x14e5/0x1ba0 kernel/locking/lockdep.c:753\n __lock_acquire+0x187/0x3750 kernel/locking/lockdep.c:3303\n lock_acquire+0x124/0x340 kernel/locking/lockdep.c:3907\n __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]\n _raw_spin_lock+0x32/0x50 kernel/locking/spinlock.c:144\n spin_lock include/linux/spinlock.h:329 [inline]\n rp2_ch_interrupt drivers/tty/serial/rp2.c:466 [inline]\n rp2_asic_interrupt.isra.9+0x15d/0x990 drivers/tty/serial/rp2.c:493\n rp2_uart_interrupt+0x49/0xe0 drivers/tty/serial/rp2.c:504\n __handle_irq_event_percpu+0xfb/0x770 kernel/irq/handle.c:149\n handle_irq_event_percpu+0x79/0x150 kernel/irq/handle.c:189\n 
handle_irq_event+0xac/0x140 kernel/irq/handle.c:206\n handle_fasteoi_irq+0x232/0x5c0 kernel/irq/chip.c:725\n generic_handle_irq_desc include/linux/irqdesc.h:155 [inline]\n handle_irq+0x230/0x3a0 arch/x86/kernel/irq_64.c:87\n do_IRQ+0xa7/0x1e0 arch/x86/kernel/irq.c:247\n common_interrupt+0xf/0xf arch/x86/entry/entry_64.S:670\n </IRQ>\nRIP: 0010:native_safe_halt+0x28/0x30 arch/x86/include/asm/irqflags.h:61\nCode: 00 00 55 be 04 00 00 00 48 c7 c7 00 c2 2f 8c 48 89 e5 e8 fb 31 e7 f8\n8b 05 75 af 8d 03 85 c0 7e 07 0f 00 2d 8a 61 65 00 fb f4 <5d> c3 90 90 90\n90 90 90 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 41\nRSP: 0018:ffff88806b71fcc8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffffde\nRAX: 0000000000000000 RBX: ffffffff8bde7e48 RCX: ffffffff88a21285\nRDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffff8c2fc200\nRBP: ffff88806b71fcc8 R08: fffffbfff185f840 R09: fffffbfff185f840\nR10: 0000000000000001 R11: fffffbfff185f840 R12: 0000000000000002\nR13: ffffffff8bea18a0 R14: 0000000000000000 R15: 0000000000000000\n arch_safe_halt arch/x86/include/asm/paravirt.h:94 [inline]\n default_idle+0x6f/0x360 arch/x86/kernel/process.c:557\n arch_cpu_idle+0xf/0x20 arch/x86/kernel/process.c:548\n default_idle_call+0x3b/0x60 kernel/sched/idle.c:93\n cpuidle_idle_call kernel/sched/idle.c:153 [inline]\n do_idle+0x2ab/0x3c0 kernel/sched/idle.c:263\n cpu_startup_entry+0xcb/0xe0 kernel/sched/idle.c:369\n start_secondary+0x3b8/0x4e0 arch/x86/kernel/smpboot.c:271\n secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:243\nBUG: unable to handle kernel NULL pointer dereference at 0000000000000010\nPGD 8000000056d27067 P4D 8000000056d27067 PUD 56d28067 PMD 0\nOops: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 2 PID: 0 Comm: swapper/2 Not tainted 4.19.177-gdba4159c14ef-dirty #45\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-\ngc9ba5276e321-prebuilt.qemu.org 04/01/2014\nRIP: 0010:readl arch/x86/include/asm/io.h:59 [inline]\nRIP: 0010:rp2_ch_interrupt drivers/tty/serial/rp2.c:472 
[inline]\nRIP: 0010:rp2_asic_interrupt.isra.9+0x181/0x990 drivers/tty/serial/rp2.c:\n493\nCo\n---truncated---"
+ }
+ ],
+ "affected": [
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "unaffected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "1da177e4c3f4",
+ "lessThan": "1e04d5d5fe5e",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "1da177e4c3f4",
+ "lessThan": "c697244ce940",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "1da177e4c3f4",
+ "lessThan": "1cc57cb32c84",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "1da177e4c3f4",
+ "lessThan": "35265552c7fe",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "1da177e4c3f4",
+ "lessThan": "915452f40e2f",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "1da177e4c3f4",
+ "lessThan": "6a931ceb0b94",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "1da177e4c3f4",
+ "lessThan": "9b07b6973f73",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "1da177e4c3f4",
+ "lessThan": "016002848c82",
+ "status": "affected",
+ "versionType": "git"
+ }
+ ]
+ },
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "affected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "4.4.271",
+ "lessThanOrEqual": "4.4.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "4.9.271",
+ "lessThanOrEqual": "4.9.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "4.14.235",
+ "lessThanOrEqual": "4.14.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "4.19.193",
+ "lessThanOrEqual": "4.19.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.4.124",
+ "lessThanOrEqual": "5.4.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.10.42",
+ "lessThanOrEqual": "5.10.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.12.9",
+ "lessThanOrEqual": "5.12.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.13",
+ "lessThanOrEqual": "*",
+ "status": "unaffected",
+ "versionType": "original_commit_for_fix"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/1e04d5d5fe5e76af68f834e1941fcbfa439653be"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/c697244ce940ec07e2d745ccb63ca97fc0266fbc"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/1cc57cb32c84e059bd158494f746b665fc14d1b1"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/35265552c7fe9553c75e324c80f45e28ff14eb6e"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/915452f40e2f495e187276c4407a4f567ec2307e"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/6a931ceb0b9401fe18d0c500e08164bf9cc7be4b"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/9b07b6973f7359e2dd6a9fe6db0c142634c823b7"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/016002848c82eeb5d460489ce392d91fe18c475c"
+ }
+ ],
+ "title": "serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait'",
+ "x_generator": {
+ "engine": "bippy-b4257b672505"
+ }
+ }
+ },
+ "cveMetadata": {
+ "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
+ "cveID": "CVE-2021-47169",
+ "requesterUserId": "gregkh@kernel.org",
+ "serial": "1",
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
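Review bot: Every git range in `affected` starts at `1da177e4c3f4`, the first commit in the kernel's git history, and the release-number block sets `"defaultStatus": "affected"` with no lower bound. A version-matching scanner will therefore report every kernel older than 4.4.271 as vulnerable, presumably including releases that predate the rp2 driver. CVE-2021-47171.json in this same commit shows the bounded form; once the introducing commit is known, the equivalent entry here would be `{"version": "0", "lessThan": "<INTRODUCED_RELEASE>", "status": "unaffected", "versionType": "custom"}`. The CVE-2021-47169.mbox hunk ("Fixed in …" lines with no "Issue introduced in …") and both CVE-2021-47170 files carry the same gap. Separately, the description value ends in `---truncated---` partway through the second oops, so consumers of the JSON get an incomplete trace; dropping the register dumps would let it fit.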
diff --git a/cve/published/2021/CVE-2021-47169.mbox b/cve/published/2021/CVE-2021-47169.mbox
new file mode 100644
index 00000000..48aaba40
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47169.mbox
@@ -0,0 +1,216 @@
+From bippy-b4257b672505 Mon Sep 17 00:00:00 2001
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+To: <linux-cve-announce@vger.kernel.org>
+Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
+Subject: CVE-2021-47169: serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait'
+Message-Id: <2024032536-CVE-2021-47169-4fd2@gregkh>
+Content-Length: 9870
+Lines: 199
+X-Developer-Signature: v=1; a=openpgp-sha256; l=10070;
+ i=gregkh@linuxfoundation.org; h=from:subject:message-id;
+ bh=OxJLRBouUPvR/bvSu41O/S8dUOrZxM+Hqrm7jlTLz/0=;
+ b=kA0DAAIRMUfUDdst+ykByyZiAGYBQPShLIyWNjabqKgk71xNq1psGIbfGJnsbB8UELRWvjVkS
+ IhdBAARAgAdFiEE9LYMxb94wiFKMT3LMUfUDdst+ykFAmYBQPQACgkQMUfUDdst+ym5wQCglaDF
+ 03aWM5IYJEAiyX8x32M7rOkAoNGiTc6qe5okrFZsQAzGFnYR2/42
+X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp;
+ fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29
+
+Description
+===========
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait'
+
+In 'rp2_probe', the driver registers 'rp2_uart_interrupt' then calls
+'rp2_fw_cb' through 'request_firmware_nowait'. In 'rp2_fw_cb', if the
+firmware don't exists, function just return without initializing ports
+of 'rp2_card'. But now the interrupt handler function has been
+registered, and when an interrupt comes, 'rp2_uart_interrupt' may access
+those ports then causing NULL pointer dereference or other bugs.
+
+Because the driver does some initialization work in 'rp2_fw_cb', in
+order to make the driver ready to handle interrupts, 'request_firmware'
+should be used instead of asynchronous 'request_firmware_nowait'.
+
+This report reveals it:
+
+INFO: trying to register non-static key.
+the code is fine but needs lockdep annotation.
+turning off the locking correctness validator.
+CPU: 2 PID: 0 Comm: swapper/2 Not tainted 4.19.177-gdba4159c14ef-dirty #45
+Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-
+gc9ba5276e321-prebuilt.qemu.org 04/01/2014
+Call Trace:
+ <IRQ>
+ __dump_stack lib/dump_stack.c:77 [inline]
+ dump_stack+0xec/0x156 lib/dump_stack.c:118
+ assign_lock_key kernel/locking/lockdep.c:727 [inline]
+ register_lock_class+0x14e5/0x1ba0 kernel/locking/lockdep.c:753
+ __lock_acquire+0x187/0x3750 kernel/locking/lockdep.c:3303
+ lock_acquire+0x124/0x340 kernel/locking/lockdep.c:3907
+ __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]
+ _raw_spin_lock+0x32/0x50 kernel/locking/spinlock.c:144
+ spin_lock include/linux/spinlock.h:329 [inline]
+ rp2_ch_interrupt drivers/tty/serial/rp2.c:466 [inline]
+ rp2_asic_interrupt.isra.9+0x15d/0x990 drivers/tty/serial/rp2.c:493
+ rp2_uart_interrupt+0x49/0xe0 drivers/tty/serial/rp2.c:504
+ __handle_irq_event_percpu+0xfb/0x770 kernel/irq/handle.c:149
+ handle_irq_event_percpu+0x79/0x150 kernel/irq/handle.c:189
+ handle_irq_event+0xac/0x140 kernel/irq/handle.c:206
+ handle_fasteoi_irq+0x232/0x5c0 kernel/irq/chip.c:725
+ generic_handle_irq_desc include/linux/irqdesc.h:155 [inline]
+ handle_irq+0x230/0x3a0 arch/x86/kernel/irq_64.c:87
+ do_IRQ+0xa7/0x1e0 arch/x86/kernel/irq.c:247
+ common_interrupt+0xf/0xf arch/x86/entry/entry_64.S:670
+ </IRQ>
+RIP: 0010:native_safe_halt+0x28/0x30 arch/x86/include/asm/irqflags.h:61
+Code: 00 00 55 be 04 00 00 00 48 c7 c7 00 c2 2f 8c 48 89 e5 e8 fb 31 e7 f8
+8b 05 75 af 8d 03 85 c0 7e 07 0f 00 2d 8a 61 65 00 fb f4 <5d> c3 90 90 90
+90 90 90 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 41
+RSP: 0018:ffff88806b71fcc8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffffde
+RAX: 0000000000000000 RBX: ffffffff8bde7e48 RCX: ffffffff88a21285
+RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffff8c2fc200
+RBP: ffff88806b71fcc8 R08: fffffbfff185f840 R09: fffffbfff185f840
+R10: 0000000000000001 R11: fffffbfff185f840 R12: 0000000000000002
+R13: ffffffff8bea18a0 R14: 0000000000000000 R15: 0000000000000000
+ arch_safe_halt arch/x86/include/asm/paravirt.h:94 [inline]
+ default_idle+0x6f/0x360 arch/x86/kernel/process.c:557
+ arch_cpu_idle+0xf/0x20 arch/x86/kernel/process.c:548
+ default_idle_call+0x3b/0x60 kernel/sched/idle.c:93
+ cpuidle_idle_call kernel/sched/idle.c:153 [inline]
+ do_idle+0x2ab/0x3c0 kernel/sched/idle.c:263
+ cpu_startup_entry+0xcb/0xe0 kernel/sched/idle.c:369
+ start_secondary+0x3b8/0x4e0 arch/x86/kernel/smpboot.c:271
+ secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:243
+BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
+PGD 8000000056d27067 P4D 8000000056d27067 PUD 56d28067 PMD 0
+Oops: 0000 [#1] PREEMPT SMP KASAN PTI
+CPU: 2 PID: 0 Comm: swapper/2 Not tainted 4.19.177-gdba4159c14ef-dirty #45
+Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-
+gc9ba5276e321-prebuilt.qemu.org 04/01/2014
+RIP: 0010:readl arch/x86/include/asm/io.h:59 [inline]
+RIP: 0010:rp2_ch_interrupt drivers/tty/serial/rp2.c:472 [inline]
+RIP: 0010:rp2_asic_interrupt.isra.9+0x181/0x990 drivers/tty/serial/rp2.c:
+493
+Code: df e8 43 5d c2 05 48 8d 83 e8 01 00 00 48 89 85 60 ff ff ff 48 c1 e8
+03 42 80 3c 30 00 0f 85 aa 07 00 00 48 8b 83 e8 01 00 00 <8b> 40 10 89 c1
+89 85 68 ff ff ff 48 8b 83 e8 01 00 00 89 48 10 83
+RSP: 0018:ffff88806c287cd0 EFLAGS: 00010046
+RAX: 0000000000000000 RBX: ffff88806ade6820 RCX: ffffffff814300b1
+RDX: 1ffff1100d5bcd06 RSI: 0000000000000004 RDI: ffff88806ade6820
+RBP: ffff88806c287db8 R08: ffffed100d5bcd05 R09: ffffed100d5bcd05
+R10: 0000000000000001 R11: ffffed100d5bcd04 R12: ffffc90001e00000
+R13: ffff888069654e10 R14: dffffc0000000000 R15: ffff888069654df0
+FS: 0000000000000000(0000) GS:ffff88806c280000(0000) knlGS:
+0000000000000000
+CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+CR2: 0000000000000010 CR3: 000000006892c000 CR4: 00000000000006e0
+DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+Call Trace:
+ <IRQ>
+ rp2_uart_interrupt+0x49/0xe0 drivers/tty/serial/rp2.c:504
+ __handle_irq_event_percpu+0xfb/0x770 kernel/irq/handle.c:149
+ handle_irq_event_percpu+0x79/0x150 kernel/irq/handle.c:189
+ handle_irq_event+0xac/0x140 kernel/irq/handle.c:206
+ handle_fasteoi_irq+0x232/0x5c0 kernel/irq/chip.c:725
+ generic_handle_irq_desc include/linux/irqdesc.h:155 [inline]
+ handle_irq+0x230/0x3a0 arch/x86/kernel/irq_64.c:87
+ do_IRQ+0xa7/0x1e0 arch/x86/kernel/irq.c:247
+ common_interrupt+0xf/0xf arch/x86/entry/entry_64.S:670
+ </IRQ>
+RIP: 0010:native_safe_halt+0x28/0x30 arch/x86/include/asm/irqflags.h:61
+Code: 00 00 55 be 04 00 00 00 48 c7 c7 00 c2 2f 8c 48 89 e5 e8 fb 31 e7
+f8 8b 05 75 af 8d 03 85 c0 7e 07 0f 00 2d 8a 61 65 00 fb f4 <5d> c3 90
+90 90 90 90 90 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 41
+RSP: 0018:ffff88806b71fcc8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffffde
+RAX: 0000000000000000 RBX: ffffffff8bde7e48 RCX: ffffffff88a21285
+RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffff8c2fc200
+RBP: ffff88806b71fcc8 R08: fffffbfff185f840 R09: fffffbfff185f840
+R10: 0000000000000001 R11: fffffbfff185f840 R12: 0000000000000002
+R13: ffffffff8bea18a0 R14: 0000000000000000 R15: 0000000000000000
+ arch_safe_halt arch/x86/include/asm/paravirt.h:94 [inline]
+ default_idle+0x6f/0x360 arch/x86/kernel/process.c:557
+ arch_cpu_idle+0xf/0x20 arch/x86/kernel/process.c:548
+ default_idle_call+0x3b/0x60 kernel/sched/idle.c:93
+ cpuidle_idle_call kernel/sched/idle.c:153 [inline]
+ do_idle+0x2ab/0x3c0 kernel/sched/idle.c:263
+ cpu_startup_entry+0xcb/0xe0 kernel/sched/idle.c:369
+ start_secondary+0x3b8/0x4e0 arch/x86/kernel/smpboot.c:271
+ secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:243
+Modules linked in:
+Dumping ftrace buffer:
+ (ftrace buffer empty)
+CR2: 0000000000000010
+---[ end trace 11804dbb55cb1a64 ]---
+RIP: 0010:readl arch/x86/include/asm/io.h:59 [inline]
+RIP: 0010:rp2_ch_interrupt drivers/tty/serial/rp2.c:472 [inline]
+RIP: 0010:rp2_asic_interrupt.isra.9+0x181/0x990 drivers/tty/serial/rp2.c:
+493
+Code: df e8 43 5d c2 05 48 8d 83 e8 01 00 00 48 89 85 60 ff ff ff 48 c1
+e8 03 42 80 3c 30 00 0f 85 aa 07 00 00 48 8b 83 e8 01 00 00 <8b> 40 10 89
+c1 89 85 68 ff ff ff 48 8b 83 e8 01 00 00 89 48 10 83
+RSP: 0018:ffff88806c287cd0 EFLAGS: 00010046
+RAX: 0000000000000000 RBX: ffff88806ade6820 RCX: ffffffff814300b1
+RDX: 1ffff1100d5bcd06 RSI: 0000000000000004 RDI: ffff88806ade6820
+RBP: ffff88806c287db8 R08: ffffed100d5bcd05 R09: ffffed100d5bcd05
+R10: 0000000000000001 R11: ffffed100d5bcd04 R12: ffffc90001e00000
+R13: ffff888069654e10 R14: dffffc0000000000 R15: ffff888069654df0
+FS: 0000000000000000(0000) GS:ffff88806c280000(0000) knlGS:
+0000000000000000
+CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+CR2: 0000000000000010 CR3: 000000006892c000 CR4: 00000000000006e0
+DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+
+The Linux kernel CVE team has assigned CVE-2021-47169 to this issue.
+
+
+Affected and fixed versions
+===========================
+
+ Fixed in 4.4.271 with commit 1e04d5d5fe5e
+ Fixed in 4.9.271 with commit c697244ce940
+ Fixed in 4.14.235 with commit 1cc57cb32c84
+ Fixed in 4.19.193 with commit 35265552c7fe
+ Fixed in 5.4.124 with commit 915452f40e2f
+ Fixed in 5.10.42 with commit 6a931ceb0b94
+ Fixed in 5.12.9 with commit 9b07b6973f73
+ Fixed in 5.13 with commit 016002848c82
+
+Please see https://www.kernel.org for a full list of currently supported
+kernel versions by the kernel community.
+
+Unaffected versions might change over time as fixes are backported to
+older supported kernel versions. The official CVE entry at
+ https://cve.org/CVERecord/?id=CVE-2021-47169
+will be updated if fixes are backported, please check that for the most
+up to date information about this issue.
+
+
+Affected files
+==============
+
+The file(s) affected by this issue are:
+ drivers/tty/serial/rp2.c
+
+
+Mitigation
+==========
+
+The Linux kernel CVE team recommends that you update to the latest
+stable kernel version for this, and many other bugfixes. Individual
+changes are never tested alone, but rather are part of a larger kernel
+release. Cherry-picking individual commits is not recommended or
+supported by the Linux kernel community at all. If however, updating to
+the latest release is impossible, the individual changes to resolve this
+issue can be found at these commits:
+ https://git.kernel.org/stable/c/1e04d5d5fe5e76af68f834e1941fcbfa439653be
+ https://git.kernel.org/stable/c/c697244ce940ec07e2d745ccb63ca97fc0266fbc
+ https://git.kernel.org/stable/c/1cc57cb32c84e059bd158494f746b665fc14d1b1
+ https://git.kernel.org/stable/c/35265552c7fe9553c75e324c80f45e28ff14eb6e
+ https://git.kernel.org/stable/c/915452f40e2f495e187276c4407a4f567ec2307e
+ https://git.kernel.org/stable/c/6a931ceb0b9401fe18d0c500e08164bf9cc7be4b
+ https://git.kernel.org/stable/c/9b07b6973f7359e2dd6a9fe6db0c142634c823b7
+ https://git.kernel.org/stable/c/016002848c82eeb5d460489ce392d91fe18c475c
diff --git a/cve/published/2021/CVE-2021-47169.sha1 b/cve/published/2021/CVE-2021-47169.sha1
new file mode 100644
index 00000000..af85bdf1
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47169.sha1
@@ -0,0 +1 @@
+016002848c82eeb5d460489ce392d91fe18c475c
diff --git a/cve/reserved/2021/CVE-2021-47170 b/cve/published/2021/CVE-2021-47170
index e69de29b..e69de29b 100644
--- a/cve/reserved/2021/CVE-2021-47170
+++ b/cve/published/2021/CVE-2021-47170
diff --git a/cve/published/2021/CVE-2021-47170.json b/cve/published/2021/CVE-2021-47170.json
new file mode 100644
index 00000000..2a8e10a3
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47170.json
@@ -0,0 +1,123 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
+ },
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: usbfs: Don't WARN about excessively large memory allocations\n\nSyzbot found that the kernel generates a WARNing if the user tries to\nsubmit a bulk transfer through usbfs with a buffer that is way too\nlarge. This isn't a bug in the kernel; it's merely an invalid request\nfrom the user and the usbfs code does handle it correctly.\n\nIn theory the same thing can happen with async transfers, or with the\npacket descriptor table for isochronous transfers.\n\nTo prevent the MM subsystem from complaining about these bad\nallocation requests, add the __GFP_NOWARN flag to the kmalloc calls\nfor these buffers."
+ }
+ ],
+ "affected": [
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "unaffected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "1da177e4c3f4",
+ "lessThan": "2ab21d6e1411",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "1da177e4c3f4",
+ "lessThan": "2c835fede13e",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "1da177e4c3f4",
+ "lessThan": "8d83f109e920",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "1da177e4c3f4",
+ "lessThan": "9f7cb3f01a10",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "1da177e4c3f4",
+ "lessThan": "4f2629ea67e7",
+ "status": "affected",
+ "versionType": "git"
+ }
+ ]
+ },
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "affected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "4.19.193",
+ "lessThanOrEqual": "4.19.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.4.124",
+ "lessThanOrEqual": "5.4.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.10.42",
+ "lessThanOrEqual": "5.10.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.12.9",
+ "lessThanOrEqual": "5.12.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.13",
+ "lessThanOrEqual": "*",
+ "status": "unaffected",
+ "versionType": "original_commit_for_fix"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/2ab21d6e1411999b5fb43434f421f00bf50002eb"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/2c835fede13e03f2743a333e4370b5ed2db91e83"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/8d83f109e920d2776991fa142bb904d985dca2ed"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/9f7cb3f01a10d9064cf13b3d26fb7e7a5827d098"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/4f2629ea67e7225c3fd292c7fe4f5b3c9d6392de"
+ }
+ ],
+ "title": "USB: usbfs: Don't WARN about excessively large memory allocations",
+ "x_generator": {
+ "engine": "bippy-b4257b672505"
+ }
+ }
+ },
+ "cveMetadata": {
+ "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
+ "cveID": "CVE-2021-47170",
+ "requesterUserId": "gregkh@kernel.org",
+ "serial": "1",
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
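Review bot: The description says the warning "isn't a bug in the kernel" and that usbfs handles the request correctly, but the record never states why the change is security-relevant, so triage has to guess at the impact. If the reasoning is that a user-triggerable WARN becomes a denial of service on systems that panic on warnings, `descriptions[0].value` should say so in one added sentence, for example `A WARN that a user can trigger halts systems running with panic_on_warn set.` Without that sentence, the fix reads as log-noise suppression and is likely to be deprioritised on exactly the hosts where it matters.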
diff --git a/cve/published/2021/CVE-2021-47170.mbox b/cve/published/2021/CVE-2021-47170.mbox
new file mode 100644
index 00000000..69f5edb6
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47170.mbox
@@ -0,0 +1,80 @@
+From bippy-b4257b672505 Mon Sep 17 00:00:00 2001
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+To: <linux-cve-announce@vger.kernel.org>
+Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
+Subject: CVE-2021-47170: USB: usbfs: Don't WARN about excessively large memory allocations
+Message-Id: <2024032536-CVE-2021-47170-ee51@gregkh>
+Content-Length: 2394
+Lines: 63
+X-Developer-Signature: v=1; a=openpgp-sha256; l=2458;
+ i=gregkh@linuxfoundation.org; h=from:subject:message-id;
+ bh=ovcj9kTkuzCNxKAYhx2XKQmtnuu2j8KV/0bYYcjiKho=;
+ b=owGbwMvMwCRo6H6F97bub03G02pJDGmMDl/Kr9lFMKRevL5DeEN8e9eVnvcvZvutvOrJGbV/y
+ 9KSYxJZHbEsDIJMDLJiiixftvEc3V9xSNHL0PY0zBxWJpAhDFycAjCR6d4MC5a+fRboKzN57a2C
+ R7Oa0vbbbxINm8gwv/qQRL3opIQjeumCea95hG/98+J/CQA=
+X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp;
+ fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29
+
+Description
+===========
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+USB: usbfs: Don't WARN about excessively large memory allocations
+
+Syzbot found that the kernel generates a WARNing if the user tries to
+submit a bulk transfer through usbfs with a buffer that is way too
+large. This isn't a bug in the kernel; it's merely an invalid request
+from the user and the usbfs code does handle it correctly.
+
+In theory the same thing can happen with async transfers, or with the
+packet descriptor table for isochronous transfers.
+
+To prevent the MM subsystem from complaining about these bad
+allocation requests, add the __GFP_NOWARN flag to the kmalloc calls
+for these buffers.
+
+The Linux kernel CVE team has assigned CVE-2021-47170 to this issue.
+
+
+Affected and fixed versions
+===========================
+
+ Fixed in 4.19.193 with commit 2ab21d6e1411
+ Fixed in 5.4.124 with commit 2c835fede13e
+ Fixed in 5.10.42 with commit 8d83f109e920
+ Fixed in 5.12.9 with commit 9f7cb3f01a10
+ Fixed in 5.13 with commit 4f2629ea67e7
+
+Please see https://www.kernel.org for a full list of currently supported
+kernel versions by the kernel community.
+
+Unaffected versions might change over time as fixes are backported to
+older supported kernel versions. The official CVE entry at
+ https://cve.org/CVERecord/?id=CVE-2021-47170
+will be updated if fixes are backported, please check that for the most
+up to date information about this issue.
+
+
+Affected files
+==============
+
+The file(s) affected by this issue are:
+ drivers/usb/core/devio.c
+
+
+Mitigation
+==========
+
+The Linux kernel CVE team recommends that you update to the latest
+stable kernel version for this, and many other bugfixes. Individual
+changes are never tested alone, but rather are part of a larger kernel
+release. Cherry-picking individual commits is not recommended or
+supported by the Linux kernel community at all. If however, updating to
+the latest release is impossible, the individual changes to resolve this
+issue can be found at these commits:
+ https://git.kernel.org/stable/c/2ab21d6e1411999b5fb43434f421f00bf50002eb
+ https://git.kernel.org/stable/c/2c835fede13e03f2743a333e4370b5ed2db91e83
+ https://git.kernel.org/stable/c/8d83f109e920d2776991fa142bb904d985dca2ed
+ https://git.kernel.org/stable/c/9f7cb3f01a10d9064cf13b3d26fb7e7a5827d098
+ https://git.kernel.org/stable/c/4f2629ea67e7225c3fd292c7fe4f5b3c9d6392de
diff --git a/cve/published/2021/CVE-2021-47170.sha1 b/cve/published/2021/CVE-2021-47170.sha1
new file mode 100644
index 00000000..add3e35a
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47170.sha1
@@ -0,0 +1 @@
+4f2629ea67e7225c3fd292c7fe4f5b3c9d6392de
diff --git a/cve/reserved/2021/CVE-2021-47171 b/cve/published/2021/CVE-2021-47171
index e69de29b..e69de29b 100644
--- a/cve/reserved/2021/CVE-2021-47171
+++ b/cve/published/2021/CVE-2021-47171
diff --git a/cve/published/2021/CVE-2021-47171.json b/cve/published/2021/CVE-2021-47171.json
new file mode 100644
index 00000000..69ee2bad
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47171.json
@@ -0,0 +1,178 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
+ },
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: fix memory leak in smsc75xx_bind\n\nSyzbot reported memory leak in smsc75xx_bind().\nThe problem was is non-freed memory in case of\nerrors after memory allocation.\n\nbacktrace:\n [<ffffffff84245b62>] kmalloc include/linux/slab.h:556 [inline]\n [<ffffffff84245b62>] kzalloc include/linux/slab.h:686 [inline]\n [<ffffffff84245b62>] smsc75xx_bind+0x7a/0x334 drivers/net/usb/smsc75xx.c:1460\n [<ffffffff82b5b2e6>] usbnet_probe+0x3b6/0xc30 drivers/net/usb/usbnet.c:1728"
+ }
+ ],
+ "affected": [
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "unaffected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "d0cad871703b",
+ "lessThan": "200dbfcad801",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "d0cad871703b",
+ "lessThan": "22c840596af0",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "d0cad871703b",
+ "lessThan": "9e6b8c1ff9d9",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "d0cad871703b",
+ "lessThan": "9e6a3eccb287",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "d0cad871703b",
+ "lessThan": "b95fb96e6339",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "d0cad871703b",
+ "lessThan": "635ac38b3625",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "d0cad871703b",
+ "lessThan": "70c886ac93f8",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "d0cad871703b",
+ "lessThan": "46a8b29c6306",
+ "status": "affected",
+ "versionType": "git"
+ }
+ ]
+ },
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "affected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "2.6.34",
+ "status": "affected"
+ },
+ {
+ "version": "0",
+ "lessThan": "2.6.34",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "4.4.271",
+ "lessThanOrEqual": "4.4.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "4.9.271",
+ "lessThanOrEqual": "4.9.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "4.14.235",
+ "lessThanOrEqual": "4.14.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "4.19.193",
+ "lessThanOrEqual": "4.19.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.4.124",
+ "lessThanOrEqual": "5.4.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.10.42",
+ "lessThanOrEqual": "5.10.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.12.9",
+ "lessThanOrEqual": "5.12.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.13",
+ "lessThanOrEqual": "*",
+ "status": "unaffected",
+ "versionType": "original_commit_for_fix"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/200dbfcad8011e50c3cec269ed7b980836eeb1fa"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/22c840596af0c09068b6cf948616e6496e59e07f"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/9e6b8c1ff9d997e1fa16cbd2d60739adf6dc1bbc"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/9e6a3eccb28779710cbbafc4f4258d92509c6d07"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/b95fb96e6339e34694dd578fb6bde3575b01af17"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/635ac38b36255d3cfb8312cf7c471334f4d537e0"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/70c886ac93f87ae7214a0c69151a28a8075dd95b"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/46a8b29c6306d8bbfd92b614ef65a47c900d8e70"
+ }
+ ],
+ "title": "net: usb: fix memory leak in smsc75xx_bind",
+ "x_generator": {
+ "engine": "bippy-b4257b672505"
+ }
+ }
+ },
+ "cveMetadata": {
+ "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
+ "cveID": "CVE-2021-47171",
+ "requesterUserId": "gregkh@kernel.org",
+ "serial": "1",
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
diff --git a/cve/published/2021/CVE-2021-47171.mbox b/cve/published/2021/CVE-2021-47171.mbox
new file mode 100644
index 00000000..de1692e6
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47171.mbox
@@ -0,0 +1,84 @@
+From bippy-b4257b672505 Mon Sep 17 00:00:00 2001
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+To: <linux-cve-announce@vger.kernel.org>
+Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
+Subject: CVE-2021-47171: net: usb: fix memory leak in smsc75xx_bind
+Message-Id: <2024032536-CVE-2021-47171-f223@gregkh>
+Content-Length: 3062
+Lines: 67
+X-Developer-Signature: v=1; a=openpgp-sha256; l=3130;
+ i=gregkh@linuxfoundation.org; h=from:subject:message-id;
+ bh=zEUIBoLfwnhwlNysWTWILRt7WMujylPEPIaZ3Hqsi54=;
+ b=owGbwMvMwCRo6H6F97bub03G02pJDGmMDl9F+6YsvpNeufa4vdAv2VMZCdvn/5h+UU/epNnl7
+ Bz566+md8SyMAgyMciKKbJ82cZzdH/FIUUvQ9vTMHNYmUCGMHBxCsBEntcxzA/6fOEgx+95SYqr
+ HR4+2vH7/JaX4u8Y5ucX8DGvSNGcfsZax/9a+UePggNhmwE=
+X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp;
+ fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29
+
+Description
+===========
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+net: usb: fix memory leak in smsc75xx_bind
+
+Syzbot reported memory leak in smsc75xx_bind().
+The problem was is non-freed memory in case of
+errors after memory allocation.
+
+backtrace:
+ [<ffffffff84245b62>] kmalloc include/linux/slab.h:556 [inline]
+ [<ffffffff84245b62>] kzalloc include/linux/slab.h:686 [inline]
+ [<ffffffff84245b62>] smsc75xx_bind+0x7a/0x334 drivers/net/usb/smsc75xx.c:1460
+ [<ffffffff82b5b2e6>] usbnet_probe+0x3b6/0xc30 drivers/net/usb/usbnet.c:1728
+
+The Linux kernel CVE team has assigned CVE-2021-47171 to this issue.
+
+
+Affected and fixed versions
+===========================
+
+ Issue introduced in 2.6.34 with commit d0cad871703b and fixed in 4.4.271 with commit 200dbfcad801
+ Issue introduced in 2.6.34 with commit d0cad871703b and fixed in 4.9.271 with commit 22c840596af0
+ Issue introduced in 2.6.34 with commit d0cad871703b and fixed in 4.14.235 with commit 9e6b8c1ff9d9
+ Issue introduced in 2.6.34 with commit d0cad871703b and fixed in 4.19.193 with commit 9e6a3eccb287
+ Issue introduced in 2.6.34 with commit d0cad871703b and fixed in 5.4.124 with commit b95fb96e6339
+ Issue introduced in 2.6.34 with commit d0cad871703b and fixed in 5.10.42 with commit 635ac38b3625
+ Issue introduced in 2.6.34 with commit d0cad871703b and fixed in 5.12.9 with commit 70c886ac93f8
+ Issue introduced in 2.6.34 with commit d0cad871703b and fixed in 5.13 with commit 46a8b29c6306
+
+Please see https://www.kernel.org for a full list of currently supported
+kernel versions by the kernel community.
+
+Unaffected versions might change over time as fixes are backported to
+older supported kernel versions. The official CVE entry at
+ https://cve.org/CVERecord/?id=CVE-2021-47171
+will be updated if fixes are backported, please check that for the most
+up to date information about this issue.
+
+
+Affected files
+==============
+
+The file(s) affected by this issue are:
+ drivers/net/usb/smsc75xx.c
+
+
+Mitigation
+==========
+
+The Linux kernel CVE team recommends that you update to the latest
+stable kernel version for this, and many other bugfixes. Individual
+changes are never tested alone, but rather are part of a larger kernel
+release. Cherry-picking individual commits is not recommended or
+supported by the Linux kernel community at all. If however, updating to
+the latest release is impossible, the individual changes to resolve this
+issue can be found at these commits:
+ https://git.kernel.org/stable/c/200dbfcad8011e50c3cec269ed7b980836eeb1fa
+ https://git.kernel.org/stable/c/22c840596af0c09068b6cf948616e6496e59e07f
+ https://git.kernel.org/stable/c/9e6b8c1ff9d997e1fa16cbd2d60739adf6dc1bbc
+ https://git.kernel.org/stable/c/9e6a3eccb28779710cbbafc4f4258d92509c6d07
+ https://git.kernel.org/stable/c/b95fb96e6339e34694dd578fb6bde3575b01af17
+ https://git.kernel.org/stable/c/635ac38b36255d3cfb8312cf7c471334f4d537e0
+ https://git.kernel.org/stable/c/70c886ac93f87ae7214a0c69151a28a8075dd95b
+ https://git.kernel.org/stable/c/46a8b29c6306d8bbfd92b614ef65a47c900d8e70
diff --git a/cve/published/2021/CVE-2021-47171.sha1 b/cve/published/2021/CVE-2021-47171.sha1
new file mode 100644
index 00000000..297c4c87
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47171.sha1
@@ -0,0 +1 @@
+46a8b29c6306d8bbfd92b614ef65a47c900d8e70
diff --git a/cve/reserved/2021/CVE-2021-47172 b/cve/published/2021/CVE-2021-47172
index e69de29b..e69de29b 100644
--- a/cve/reserved/2021/CVE-2021-47172
+++ b/cve/published/2021/CVE-2021-47172
diff --git a/cve/published/2021/CVE-2021-47172.json b/cve/published/2021/CVE-2021-47172.json
new file mode 100644
index 00000000..0a2a3978
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47172.json
@@ -0,0 +1,108 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
+ },
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: ad7124: Fix potential overflow due to non sequential channel numbers\n\nChannel numbering must start at 0 and then not have any holes, or\nit is possible to overflow the available storage. Note this bug was\nintroduced as part of a fix to ensure we didn't rely on the ordering\nof child nodes. So we need to support arbitrary ordering but they all\nneed to be there somewhere.\n\nNote I hit this when using qemu to test the rest of this series.\nArguably this isn't the best fix, but it is probably the most minimal\noption for backporting etc.\n\nAlexandru's sign-off is here because he carried this patch in a larger\nset that Jonathan then applied."
+ }
+ ],
+ "affected": [
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "unaffected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "5408cbc63373",
+ "lessThan": "f49149964d24",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "d7857e4ee1ba6",
+ "lessThan": "f70122825076",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "d7857e4ee1ba6",
+ "lessThan": "26da8040eccc",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "d7857e4ee1ba6",
+ "lessThan": "f2a772c51206",
+ "status": "affected",
+ "versionType": "git"
+ }
+ ]
+ },
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "affected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "5.4.124",
+ "lessThanOrEqual": "5.4.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.10.42",
+ "lessThanOrEqual": "5.10.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.12.9",
+ "lessThanOrEqual": "5.12.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.13",
+ "lessThanOrEqual": "*",
+ "status": "unaffected",
+ "versionType": "original_commit_for_fix"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/f49149964d2423fb618fb6b755bb1eaa431cca2c"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/f70122825076117787b91e7f219e21c09f11a5b9"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/26da8040eccc6c6b0e415e9a3baf72fd39eb2fdc"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/f2a772c51206b0c3f262e4f6a3812c89a650191b"
+ }
+ ],
+ "title": "iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers",
+ "x_generator": {
+ "engine": "bippy-b4257b672505"
+ }
+ }
+ },
+ "cveMetadata": {
+ "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
+ "cveID": "CVE-2021-47172",
+ "requesterUserId": "gregkh@kernel.org",
+ "serial": "1",
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
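Review bot: The version-number block of this record (the second `affected` entry, with `"defaultStatus": "affected"`) has no lower bound, so a consumer matching on it would treat every kernel older than the introducing commits as affected. The CVE-2021-47173 and CVE-2021-47174 records in this same commit carry an introduction pair such as `"version": "2.6.14", "status": "affected"` plus `"version": "0", "lessThan": "2.6.14", "status": "unaffected"`, while here the list starts directly at `5.4.124`. The accompanying mbox names 5.4.14 and 5.5 as the introduction points, so equivalent entries should be added for them; how the generator should express two introduction points is not visible here. Separately, `d7857e4ee1ba6` is 13 hex digits where every other abbreviated commit id in the record is 12.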
diff --git a/cve/published/2021/CVE-2021-47172.mbox b/cve/published/2021/CVE-2021-47172.mbox
new file mode 100644
index 00000000..94f21245
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47172.mbox
@@ -0,0 +1,79 @@
+From bippy-b4257b672505 Mon Sep 17 00:00:00 2001
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+To: <linux-cve-announce@vger.kernel.org>
+Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
+Subject: CVE-2021-47172: iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers
+Message-Id: <2024032537-CVE-2021-47172-4990@gregkh>
+Content-Length: 2540
+Lines: 62
+X-Developer-Signature: v=1; a=openpgp-sha256; l=2603;
+ i=gregkh@linuxfoundation.org; h=from:subject:message-id;
+ bh=WDhhLayGXXzVzdYGj64LUAPIGjFLnIvTmi05mR64DvE=;
+ b=owGbwMvMwCRo6H6F97bub03G02pJDGmMDl89pa/vODr7cv68hPjpNzNYpwVUMjVw7Pj/hmG23
+ acZjopVHbEsDIJMDLJiiixftvEc3V9xSNHL0PY0zBxWJpAhDFycAjARx3SG+XE/Hzbseff60OW6
+ Qz6Sq4T2r9nzYgLDgtlPpfOFTxerL96kIBy1MjzTS1LpBgA=
+X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp;
+ fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29
+
+Description
+===========
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers
+
+Channel numbering must start at 0 and then not have any holes, or
+it is possible to overflow the available storage. Note this bug was
+introduced as part of a fix to ensure we didn't rely on the ordering
+of child nodes. So we need to support arbitrary ordering but they all
+need to be there somewhere.
+
+Note I hit this when using qemu to test the rest of this series.
+Arguably this isn't the best fix, but it is probably the most minimal
+option for backporting etc.
+
+Alexandru's sign-off is here because he carried this patch in a larger
+set that Jonathan then applied.
+
+The Linux kernel CVE team has assigned CVE-2021-47172 to this issue.
+
+
+Affected and fixed versions
+===========================
+
+ Issue introduced in 5.4.14 with commit 5408cbc63373 and fixed in 5.4.124 with commit f49149964d24
+ Issue introduced in 5.5 with commit d7857e4ee1ba6 and fixed in 5.10.42 with commit f70122825076
+ Issue introduced in 5.5 with commit d7857e4ee1ba6 and fixed in 5.12.9 with commit 26da8040eccc
+ Issue introduced in 5.5 with commit d7857e4ee1ba6 and fixed in 5.13 with commit f2a772c51206
+
+Please see https://www.kernel.org for a full list of currently supported
+kernel versions by the kernel community.
+
+Unaffected versions might change over time as fixes are backported to
+older supported kernel versions. The official CVE entry at
+ https://cve.org/CVERecord/?id=CVE-2021-47172
+will be updated if fixes are backported, please check that for the most
+up to date information about this issue.
+
+
+Affected files
+==============
+
+The file(s) affected by this issue are:
+ drivers/iio/adc/ad7124.c
+
+
+Mitigation
+==========
+
+The Linux kernel CVE team recommends that you update to the latest
+stable kernel version for this, and many other bugfixes. Individual
+changes are never tested alone, but rather are part of a larger kernel
+release. Cherry-picking individual commits is not recommended or
+supported by the Linux kernel community at all. If however, updating to
+the latest release is impossible, the individual changes to resolve this
+issue can be found at these commits:
+ https://git.kernel.org/stable/c/f49149964d2423fb618fb6b755bb1eaa431cca2c
+ https://git.kernel.org/stable/c/f70122825076117787b91e7f219e21c09f11a5b9
+ https://git.kernel.org/stable/c/26da8040eccc6c6b0e415e9a3baf72fd39eb2fdc
+ https://git.kernel.org/stable/c/f2a772c51206b0c3f262e4f6a3812c89a650191b
diff --git a/cve/published/2021/CVE-2021-47172.sha1 b/cve/published/2021/CVE-2021-47172.sha1
new file mode 100644
index 00000000..dbcfe22c
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47172.sha1
@@ -0,0 +1 @@
+f2a772c51206b0c3f262e4f6a3812c89a650191b
diff --git a/cve/reserved/2021/CVE-2021-47173 b/cve/published/2021/CVE-2021-47173
index e69de29b..e69de29b 100644
--- a/cve/reserved/2021/CVE-2021-47173
+++ b/cve/published/2021/CVE-2021-47173
diff --git a/cve/published/2021/CVE-2021-47173.json b/cve/published/2021/CVE-2021-47173.json
new file mode 100644
index 00000000..805d667d
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47173.json
@@ -0,0 +1,178 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
+ },
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc/uss720: fix memory leak in uss720_probe\n\nuss720_probe forgets to decrease the refcount of usbdev in uss720_probe.\nFix this by decreasing the refcount of usbdev by usb_put_dev.\n\nBUG: memory leak\nunreferenced object 0xffff888101113800 (size 2048):\n comm \"kworker/0:1\", pid 7, jiffies 4294956777 (age 28.870s)\n hex dump (first 32 bytes):\n ff ff ff ff 31 00 00 00 00 00 00 00 00 00 00 00 ....1...........\n 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 ................\n backtrace:\n [<ffffffff82b8e822>] kmalloc include/linux/slab.h:554 [inline]\n [<ffffffff82b8e822>] kzalloc include/linux/slab.h:684 [inline]\n [<ffffffff82b8e822>] usb_alloc_dev+0x32/0x450 drivers/usb/core/usb.c:582\n [<ffffffff82b98441>] hub_port_connect drivers/usb/core/hub.c:5129 [inline]\n [<ffffffff82b98441>] hub_port_connect_change drivers/usb/core/hub.c:5363 [inline]\n [<ffffffff82b98441>] port_event drivers/usb/core/hub.c:5509 [inline]\n [<ffffffff82b98441>] hub_event+0x1171/0x20c0 drivers/usb/core/hub.c:5591\n [<ffffffff81259229>] process_one_work+0x2c9/0x600 kernel/workqueue.c:2275\n [<ffffffff81259b19>] worker_thread+0x59/0x5d0 kernel/workqueue.c:2421\n [<ffffffff81261228>] kthread+0x178/0x1b0 kernel/kthread.c:292\n [<ffffffff8100227f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294"
+ }
+ ],
+ "affected": [
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "unaffected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "0f36163d3abe",
+ "lessThan": "5f46b2410db2",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "0f36163d3abe",
+ "lessThan": "7889c70e6173",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "0f36163d3abe",
+ "lessThan": "bcb30cc8f8be",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "0f36163d3abe",
+ "lessThan": "386918878ce4",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "0f36163d3abe",
+ "lessThan": "36b5ff1db1a4",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "0f36163d3abe",
+ "lessThan": "5394ae9d8c79",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "0f36163d3abe",
+ "lessThan": "a3c3face38cb",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "0f36163d3abe",
+ "lessThan": "dcb4b8ad6a44",
+ "status": "affected",
+ "versionType": "git"
+ }
+ ]
+ },
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "affected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "2.6.14",
+ "status": "affected"
+ },
+ {
+ "version": "0",
+ "lessThan": "2.6.14",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "4.4.271",
+ "lessThanOrEqual": "4.4.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "4.9.271",
+ "lessThanOrEqual": "4.9.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "4.14.235",
+ "lessThanOrEqual": "4.14.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "4.19.193",
+ "lessThanOrEqual": "4.19.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.4.124",
+ "lessThanOrEqual": "5.4.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.10.42",
+ "lessThanOrEqual": "5.10.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.12.9",
+ "lessThanOrEqual": "5.12.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.13",
+ "lessThanOrEqual": "*",
+ "status": "unaffected",
+ "versionType": "original_commit_for_fix"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/5f46b2410db2c8f26b8bb91b40deebf4ec184391"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/7889c70e6173ef358f3cd7578db127a489035a42"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/bcb30cc8f8befcbdbcf7a016e4dfd4747c54a364"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/386918878ce4cd676e4607233866e03c9399a46a"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/36b5ff1db1a4ef4fdbc2bae364344279f033ad88"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/5394ae9d8c7961dd93807fdf1b12a1dde96b0a55"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/a3c3face38cb49932c62adcc1289914f1c742096"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/dcb4b8ad6a448532d8b681b5d1a7036210b622de"
+ }
+ ],
+ "title": "misc/uss720: fix memory leak in uss720_probe",
+ "x_generator": {
+ "engine": "bippy-b4257b672505"
+ }
+ }
+ },
+ "cveMetadata": {
+ "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
+ "cveID": "CVE-2021-47173",
+ "requesterUserId": "gregkh@kernel.org",
+ "serial": "1",
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
diff --git a/cve/published/2021/CVE-2021-47173.mbox b/cve/published/2021/CVE-2021-47173.mbox
new file mode 100644
index 00000000..3a33789f
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47173.mbox
@@ -0,0 +1,96 @@
+From bippy-b4257b672505 Mon Sep 17 00:00:00 2001
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+To: <linux-cve-announce@vger.kernel.org>
+Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
+Subject: CVE-2021-47173: misc/uss720: fix memory leak in uss720_probe
+Message-Id: <2024032537-CVE-2021-47173-12cc@gregkh>
+Content-Length: 3908
+Lines: 79
+X-Developer-Signature: v=1; a=openpgp-sha256; l=3988;
+ i=gregkh@linuxfoundation.org; h=from:subject:message-id;
+ bh=nlqjJmTWK+1mRYxohVfdF1gODI0Qa4XbCKET+e+QCPY=;
+ b=owGbwMvMwCRo6H6F97bub03G02pJDGmMDl8t3V5/1F8/73LLMqErFllLo7xfO4Se2zbTTNXo+
+ YcDTw/86IhlYRBkYpAVU2T5so3n6P6KQ4pehranYeawMoEMYeDiFICJrGBgmCuof2L6kkPX4zgD
+ 2by6rGukmR54uTHMZs87puewaEb/un3x8tkp1u2nXzLOBQA=
+X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp;
+ fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29
+
+Description
+===========
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+misc/uss720: fix memory leak in uss720_probe
+
+uss720_probe forgets to decrease the refcount of usbdev in uss720_probe.
+Fix this by decreasing the refcount of usbdev by usb_put_dev.
+
+BUG: memory leak
+unreferenced object 0xffff888101113800 (size 2048):
+ comm "kworker/0:1", pid 7, jiffies 4294956777 (age 28.870s)
+ hex dump (first 32 bytes):
+ ff ff ff ff 31 00 00 00 00 00 00 00 00 00 00 00 ....1...........
+ 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 ................
+ backtrace:
+ [<ffffffff82b8e822>] kmalloc include/linux/slab.h:554 [inline]
+ [<ffffffff82b8e822>] kzalloc include/linux/slab.h:684 [inline]
+ [<ffffffff82b8e822>] usb_alloc_dev+0x32/0x450 drivers/usb/core/usb.c:582
+ [<ffffffff82b98441>] hub_port_connect drivers/usb/core/hub.c:5129 [inline]
+ [<ffffffff82b98441>] hub_port_connect_change drivers/usb/core/hub.c:5363 [inline]
+ [<ffffffff82b98441>] port_event drivers/usb/core/hub.c:5509 [inline]
+ [<ffffffff82b98441>] hub_event+0x1171/0x20c0 drivers/usb/core/hub.c:5591
+ [<ffffffff81259229>] process_one_work+0x2c9/0x600 kernel/workqueue.c:2275
+ [<ffffffff81259b19>] worker_thread+0x59/0x5d0 kernel/workqueue.c:2421
+ [<ffffffff81261228>] kthread+0x178/0x1b0 kernel/kthread.c:292
+ [<ffffffff8100227f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
+
+The Linux kernel CVE team has assigned CVE-2021-47173 to this issue.
+
+
+Affected and fixed versions
+===========================
+
+ Issue introduced in 2.6.14 with commit 0f36163d3abe and fixed in 4.4.271 with commit 5f46b2410db2
+ Issue introduced in 2.6.14 with commit 0f36163d3abe and fixed in 4.9.271 with commit 7889c70e6173
+ Issue introduced in 2.6.14 with commit 0f36163d3abe and fixed in 4.14.235 with commit bcb30cc8f8be
+ Issue introduced in 2.6.14 with commit 0f36163d3abe and fixed in 4.19.193 with commit 386918878ce4
+ Issue introduced in 2.6.14 with commit 0f36163d3abe and fixed in 5.4.124 with commit 36b5ff1db1a4
+ Issue introduced in 2.6.14 with commit 0f36163d3abe and fixed in 5.10.42 with commit 5394ae9d8c79
+ Issue introduced in 2.6.14 with commit 0f36163d3abe and fixed in 5.12.9 with commit a3c3face38cb
+ Issue introduced in 2.6.14 with commit 0f36163d3abe and fixed in 5.13 with commit dcb4b8ad6a44
+
+Please see https://www.kernel.org for a full list of currently supported
+kernel versions by the kernel community.
+
+Unaffected versions might change over time as fixes are backported to
+older supported kernel versions. The official CVE entry at
+ https://cve.org/CVERecord/?id=CVE-2021-47173
+will be updated if fixes are backported, please check that for the most
+up to date information about this issue.
+
+
+Affected files
+==============
+
+The file(s) affected by this issue are:
+ drivers/usb/misc/uss720.c
+
+
+Mitigation
+==========
+
+The Linux kernel CVE team recommends that you update to the latest
+stable kernel version for this, and many other bugfixes. Individual
+changes are never tested alone, but rather are part of a larger kernel
+release. Cherry-picking individual commits is not recommended or
+supported by the Linux kernel community at all. If however, updating to
+the latest release is impossible, the individual changes to resolve this
+issue can be found at these commits:
+ https://git.kernel.org/stable/c/5f46b2410db2c8f26b8bb91b40deebf4ec184391
+ https://git.kernel.org/stable/c/7889c70e6173ef358f3cd7578db127a489035a42
+ https://git.kernel.org/stable/c/bcb30cc8f8befcbdbcf7a016e4dfd4747c54a364
+ https://git.kernel.org/stable/c/386918878ce4cd676e4607233866e03c9399a46a
+ https://git.kernel.org/stable/c/36b5ff1db1a4ef4fdbc2bae364344279f033ad88
+ https://git.kernel.org/stable/c/5394ae9d8c7961dd93807fdf1b12a1dde96b0a55
+ https://git.kernel.org/stable/c/a3c3face38cb49932c62adcc1289914f1c742096
+ https://git.kernel.org/stable/c/dcb4b8ad6a448532d8b681b5d1a7036210b622de
diff --git a/cve/published/2021/CVE-2021-47173.sha1 b/cve/published/2021/CVE-2021-47173.sha1
new file mode 100644
index 00000000..031a5313
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47173.sha1
@@ -0,0 +1 @@
+dcb4b8ad6a448532d8b681b5d1a7036210b622de
diff --git a/cve/reserved/2021/CVE-2021-47174 b/cve/published/2021/CVE-2021-47174
index e69de29b..e69de29b 100644
--- a/cve/reserved/2021/CVE-2021-47174
+++ b/cve/published/2021/CVE-2021-47174
diff --git a/cve/published/2021/CVE-2021-47174.json b/cve/published/2021/CVE-2021-47174.json
new file mode 100644
index 00000000..30a2ffb9
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47174.json
@@ -0,0 +1,103 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
+ },
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_pipapo_avx2: Add irq_fpu_usable() check, fallback to non-AVX2 version\n\nArturo reported this backtrace:\n\n[709732.358791] WARNING: CPU: 3 PID: 456 at arch/x86/kernel/fpu/core.c:128 kernel_fpu_begin_mask+0xae/0xe0\n[709732.358793] Modules linked in: binfmt_misc nft_nat nft_chain_nat nf_nat nft_counter nft_ct nf_tables nf_conntrack_netlink nfnetlink 8021q garp stp mrp llc vrf intel_rapl_msr intel_rapl_common skx_edac nfit libnvdimm ipmi_ssif x86_pkg_temp_thermal intel_powerclamp coretemp crc32_pclmul mgag200 ghash_clmulni_intel drm_kms_helper cec aesni_intel drm libaes crypto_simd cryptd glue_helper mei_me dell_smbios iTCO_wdt evdev intel_pmc_bxt iTCO_vendor_support dcdbas pcspkr rapl dell_wmi_descriptor wmi_bmof sg i2c_algo_bit watchdog mei acpi_ipmi ipmi_si button nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ipmi_devintf ipmi_msghandler ip_tables x_tables autofs4 ext4 crc16 mbcache jbd2 dm_mod raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor sd_mod t10_pi crc_t10dif crct10dif_generic raid6_pq libcrc32c crc32c_generic raid1 raid0 multipath linear md_mod ahci libahci tg3 libata xhci_pci libphy xhci_hcd ptp usbcore crct10dif_pclmul crct10dif_common bnxt_en crc32c_intel scsi_mod\n[709732.358941] pps_core i2c_i801 lpc_ich i2c_smbus wmi usb_common\n[709732.358957] CPU: 3 PID: 456 Comm: jbd2/dm-0-8 Not tainted 5.10.0-0.bpo.5-amd64 #1 Debian 5.10.24-1~bpo10+1\n[709732.358959] Hardware name: Dell Inc. 
PowerEdge R440/04JN2K, BIOS 2.9.3 09/23/2020\n[709732.358964] RIP: 0010:kernel_fpu_begin_mask+0xae/0xe0\n[709732.358969] Code: ae 54 24 04 83 e3 01 75 38 48 8b 44 24 08 65 48 33 04 25 28 00 00 00 75 33 48 83 c4 10 5b c3 65 8a 05 5e 21 5e 76 84 c0 74 92 <0f> 0b eb 8e f0 80 4f 01 40 48 81 c7 00 14 00 00 e8 dd fb ff ff eb\n[709732.358972] RSP: 0018:ffffbb9700304740 EFLAGS: 00010202\n[709732.358976] RAX: 0000000000000001 RBX: 0000000000000003 RCX: 0000000000000001\n[709732.358979] RDX: ffffbb9700304970 RSI: ffff922fe1952e00 RDI: 0000000000000003\n[709732.358981] RBP: ffffbb9700304970 R08: ffff922fc868a600 R09: ffff922fc711e462\n[709732.358984] R10: 000000000000005f R11: ffff922ff0b27180 R12: ffffbb9700304960\n[709732.358987] R13: ffffbb9700304b08 R14: ffff922fc664b6c8 R15: ffff922fc664b660\n[709732.358990] FS: 0000000000000000(0000) GS:ffff92371fec0000(0000) knlGS:0000000000000000\n[709732.358993] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[709732.358996] CR2: 0000557a6655bdd0 CR3: 000000026020a001 CR4: 00000000007706e0\n[709732.358999] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[709732.359001] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[709732.359003] PKRU: 55555554\n[709732.359005] Call Trace:\n[709732.359009] <IRQ>\n[709732.359035] nft_pipapo_avx2_lookup+0x4c/0x1cba [nf_tables]\n[709732.359046] ? sched_clock+0x5/0x10\n[709732.359054] ? sched_clock_cpu+0xc/0xb0\n[709732.359061] ? record_times+0x16/0x80\n[709732.359068] ? plist_add+0xc1/0x100\n[709732.359073] ? psi_group_change+0x47/0x230\n[709732.359079] ? skb_clone+0x4d/0xb0\n[709732.359085] ? enqueue_task_rt+0x22b/0x310\n[709732.359098] ? bnxt_start_xmit+0x1e8/0xaf0 [bnxt_en]\n[709732.359102] ? packet_rcv+0x40/0x4a0\n[709732.359121] nft_lookup_eval+0x59/0x160 [nf_tables]\n[709732.359133] nft_do_chain+0x350/0x500 [nf_tables]\n[709732.359152] ? nft_lookup_eval+0x59/0x160 [nf_tables]\n[709732.359163] ? nft_do_chain+0x364/0x500 [nf_tables]\n[709732.359172] ? 
fib4_rule_action+0x6d/0x80\n[709732.359178] ? fib_rules_lookup+0x107/0x250\n[709732.359184] nft_nat_do_chain+0x8a/0xf2 [nft_chain_nat]\n[709732.359193] nf_nat_inet_fn+0xea/0x210 [nf_nat]\n[709732.359202] nf_nat_ipv4_out+0x14/0xa0 [nf_nat]\n[709732.359207] nf_hook_slow+0x44/0xc0\n[709732.359214] ip_output+0xd2/0x100\n[709732.359221] ? __ip_finish_output+0x210/0x210\n[709732.359226] ip_forward+0x37d/0x4a0\n[709732.359232] ? ip4_key_hashfn+0xb0/0xb0\n[709732.359238] ip_subli\n---truncated---"
+ }
+ ],
+ "affected": [
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "unaffected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "7400b063969b",
+ "lessThan": "b1f45a26bd32",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "7400b063969b",
+ "lessThan": "727a2b4fc951",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "7400b063969b",
+ "lessThan": "f0b3d338064e",
+ "status": "affected",
+ "versionType": "git"
+ }
+ ]
+ },
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "affected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "5.7",
+ "status": "affected"
+ },
+ {
+ "version": "0",
+ "lessThan": "5.7",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.10.42",
+ "lessThanOrEqual": "5.10.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.12.9",
+ "lessThanOrEqual": "5.12.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.13",
+ "lessThanOrEqual": "*",
+ "status": "unaffected",
+ "versionType": "original_commit_for_fix"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/b1f45a26bd322525c14edd9504f6d46dfad679a4"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/727a2b4fc951ee69847d4904d98961856ea9fbe6"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/f0b3d338064e1fe7531f0d2977e35f3b334abfb4"
+ }
+ ],
+ "title": "netfilter: nft_set_pipapo_avx2: Add irq_fpu_usable() check, fallback to non-AVX2 version",
+ "x_generator": {
+ "engine": "bippy-b4257b672505"
+ }
+ }
+ },
+ "cveMetadata": {
+ "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
+ "cveID": "CVE-2021-47174",
+ "requesterUserId": "gregkh@kernel.org",
+ "serial": "1",
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
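Review bot: The `descriptions[0].value` string ends at `ip_subli\n---truncated---`, so the record holds only the title and a WARNING splat and never reaches whatever explanation of the cause and fix presumably follows the trace in the commit message. Most of the retained text is the `Modules linked in:` list, the register dump and the hardware name, none of which helps a reader decide whether a system is exposed. Consider trimming the trace before truncation so the explanatory paragraph fits, keeping at least the `kernel_fpu_begin_mask` warning line and the `nft_pipapo_avx2_lookup` frame.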
diff --git a/cve/published/2021/CVE-2021-47174.mbox b/cve/published/2021/CVE-2021-47174.mbox
new file mode 100644
index 00000000..056eed94
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47174.mbox
@@ -0,0 +1,159 @@
+From bippy-b4257b672505 Mon Sep 17 00:00:00 2001
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+To: <linux-cve-announce@vger.kernel.org>
+Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
+Subject: CVE-2021-47174: netfilter: nft_set_pipapo_avx2: Add irq_fpu_usable() check, fallback to non-AVX2 version
+Message-Id: <2024032537-CVE-2021-47174-a330@gregkh>
+Content-Length: 8157
+Lines: 142
+X-Developer-Signature: v=1; a=openpgp-sha256; l=8300;
+ i=gregkh@linuxfoundation.org; h=from:subject:message-id;
+ bh=ipfEGyZ/3zhMoHxt6H5qmb48Xt41TV5+5cZbPTrgVLU=;
+ b=owGbwMvMwCRo6H6F97bub03G02pJDGmMDl/9PT703/9+T+Ffl2l1WjuDVIs4q1lQTpMmY0PiM
+ uspPN86YlkYBJkYZMUUWb5s4zm6v+KQopeh7WmYOaxMIEMYuDgFYCLRcxgWzDO0Wnz+jLSn1e2I
+ lx/f/Uw8qbdoGsM8RZ3Hwgkbp4b47+WxOOt1qeqaROFLAA==
+X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp;
+ fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29
+
+Description
+===========
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+netfilter: nft_set_pipapo_avx2: Add irq_fpu_usable() check, fallback to non-AVX2 version
+
+Arturo reported this backtrace:
+
+[709732.358791] WARNING: CPU: 3 PID: 456 at arch/x86/kernel/fpu/core.c:128 kernel_fpu_begin_mask+0xae/0xe0
+[709732.358793] Modules linked in: binfmt_misc nft_nat nft_chain_nat nf_nat nft_counter nft_ct nf_tables nf_conntrack_netlink nfnetlink 8021q garp stp mrp llc vrf intel_rapl_msr intel_rapl_common skx_edac nfit libnvdimm ipmi_ssif x86_pkg_temp_thermal intel_powerclamp coretemp crc32_pclmul mgag200 ghash_clmulni_intel drm_kms_helper cec aesni_intel drm libaes crypto_simd cryptd glue_helper mei_me dell_smbios iTCO_wdt evdev intel_pmc_bxt iTCO_vendor_support dcdbas pcspkr rapl dell_wmi_descriptor wmi_bmof sg i2c_algo_bit watchdog mei acpi_ipmi ipmi_si button nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ipmi_devintf ipmi_msghandler ip_tables x_tables autofs4 ext4 crc16 mbcache jbd2 dm_mod raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor sd_mod t10_pi crc_t10dif crct10dif_generic raid6_pq libcrc32c crc32c_generic raid1 raid0 multipath linear md_mod ahci libahci tg3 libata xhci_pci libphy xhci_hcd ptp usbcore crct10dif_pclmul crct10dif_common bnxt_en crc32c_intel scsi_mod
+[709732.358941] pps_core i2c_i801 lpc_ich i2c_smbus wmi usb_common
+[709732.358957] CPU: 3 PID: 456 Comm: jbd2/dm-0-8 Not tainted 5.10.0-0.bpo.5-amd64 #1 Debian 5.10.24-1~bpo10+1
+[709732.358959] Hardware name: Dell Inc. PowerEdge R440/04JN2K, BIOS 2.9.3 09/23/2020
+[709732.358964] RIP: 0010:kernel_fpu_begin_mask+0xae/0xe0
+[709732.358969] Code: ae 54 24 04 83 e3 01 75 38 48 8b 44 24 08 65 48 33 04 25 28 00 00 00 75 33 48 83 c4 10 5b c3 65 8a 05 5e 21 5e 76 84 c0 74 92 <0f> 0b eb 8e f0 80 4f 01 40 48 81 c7 00 14 00 00 e8 dd fb ff ff eb
+[709732.358972] RSP: 0018:ffffbb9700304740 EFLAGS: 00010202
+[709732.358976] RAX: 0000000000000001 RBX: 0000000000000003 RCX: 0000000000000001
+[709732.358979] RDX: ffffbb9700304970 RSI: ffff922fe1952e00 RDI: 0000000000000003
+[709732.358981] RBP: ffffbb9700304970 R08: ffff922fc868a600 R09: ffff922fc711e462
+[709732.358984] R10: 000000000000005f R11: ffff922ff0b27180 R12: ffffbb9700304960
+[709732.358987] R13: ffffbb9700304b08 R14: ffff922fc664b6c8 R15: ffff922fc664b660
+[709732.358990] FS: 0000000000000000(0000) GS:ffff92371fec0000(0000) knlGS:0000000000000000
+[709732.358993] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+[709732.358996] CR2: 0000557a6655bdd0 CR3: 000000026020a001 CR4: 00000000007706e0
+[709732.358999] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+[709732.359001] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+[709732.359003] PKRU: 55555554
+[709732.359005] Call Trace:
+[709732.359009] <IRQ>
+[709732.359035] nft_pipapo_avx2_lookup+0x4c/0x1cba [nf_tables]
+[709732.359046] ? sched_clock+0x5/0x10
+[709732.359054] ? sched_clock_cpu+0xc/0xb0
+[709732.359061] ? record_times+0x16/0x80
+[709732.359068] ? plist_add+0xc1/0x100
+[709732.359073] ? psi_group_change+0x47/0x230
+[709732.359079] ? skb_clone+0x4d/0xb0
+[709732.359085] ? enqueue_task_rt+0x22b/0x310
+[709732.359098] ? bnxt_start_xmit+0x1e8/0xaf0 [bnxt_en]
+[709732.359102] ? packet_rcv+0x40/0x4a0
+[709732.359121] nft_lookup_eval+0x59/0x160 [nf_tables]
+[709732.359133] nft_do_chain+0x350/0x500 [nf_tables]
+[709732.359152] ? nft_lookup_eval+0x59/0x160 [nf_tables]
+[709732.359163] ? nft_do_chain+0x364/0x500 [nf_tables]
+[709732.359172] ? fib4_rule_action+0x6d/0x80
+[709732.359178] ? fib_rules_lookup+0x107/0x250
+[709732.359184] nft_nat_do_chain+0x8a/0xf2 [nft_chain_nat]
+[709732.359193] nf_nat_inet_fn+0xea/0x210 [nf_nat]
+[709732.359202] nf_nat_ipv4_out+0x14/0xa0 [nf_nat]
+[709732.359207] nf_hook_slow+0x44/0xc0
+[709732.359214] ip_output+0xd2/0x100
+[709732.359221] ? __ip_finish_output+0x210/0x210
+[709732.359226] ip_forward+0x37d/0x4a0
+[709732.359232] ? ip4_key_hashfn+0xb0/0xb0
+[709732.359238] ip_sublist_rcv_finish+0x4f/0x60
+[709732.359243] ip_sublist_rcv+0x196/0x220
+[709732.359250] ? ip_rcv_finish_core.isra.22+0x400/0x400
+[709732.359255] ip_list_rcv+0x137/0x160
+[709732.359264] __netif_receive_skb_list_core+0x29b/0x2c0
+[709732.359272] netif_receive_skb_list_internal+0x1a6/0x2d0
+[709732.359280] gro_normal_list.part.156+0x19/0x40
+[709732.359286] napi_complete_done+0x67/0x170
+[709732.359298] bnxt_poll+0x105/0x190 [bnxt_en]
+[709732.359304] ? irqentry_exit+0x29/0x30
+[709732.359309] ? asm_common_interrupt+0x1e/0x40
+[709732.359315] net_rx_action+0x144/0x3c0
+[709732.359322] __do_softirq+0xd5/0x29c
+[709732.359329] asm_call_irq_on_stack+0xf/0x20
+[709732.359332] </IRQ>
+[709732.359339] do_softirq_own_stack+0x37/0x40
+[709732.359346] irq_exit_rcu+0x9d/0xa0
+[709732.359353] common_interrupt+0x78/0x130
+[709732.359358] asm_common_interrupt+0x1e/0x40
+[709732.359366] RIP: 0010:crc_41+0x0/0x1e [crc32c_intel]
+[709732.359370] Code: ff ff f2 4d 0f 38 f1 93 a8 fe ff ff f2 4c 0f 38 f1 81 b0 fe ff ff f2 4c 0f 38 f1 8a b0 fe ff ff f2 4d 0f 38 f1 93 b0 fe ff ff <f2> 4c 0f 38 f1 81 b8 fe ff ff f2 4c 0f 38 f1 8a b8 fe ff ff f2 4d
+[709732.359373] RSP: 0018:ffffbb97008dfcd0 EFLAGS: 00000246
+[709732.359377] RAX: 000000000000002a RBX: 0000000000000400 RCX: ffff922fc591dd50
+[709732.359379] RDX: ffff922fc591dea0 RSI: 0000000000000a14 RDI: ffffffffc00dddc0
+[709732.359382] RBP: 0000000000001000 R08: 000000000342d8c3 R09: 0000000000000000
+[709732.359384] R10: 0000000000000000 R11: ffff922fc591dff0 R12: ffffbb97008dfe58
+[709732.359386] R13: 000000000000000a R14: ffff922fd2b91e80 R15: ffff922fef83fe38
+[709732.359395] ? crc_43+0x1e/0x1e [crc32c_intel]
+[709732.359403] ? crc32c_pcl_intel_update+0x97/0xb0 [crc32c_intel]
+[709732.359419] ? jbd2_journal_commit_transaction+0xaec/0x1a30 [jbd2]
+[709732.359425] ? irq_exit_rcu+0x3e/0xa0
+[709732.359447] ? kjournald2+0xbd/0x270 [jbd2]
+[709732.359454] ? finish_wait+0x80/0x80
+[709732.359470] ? commit_timeout+0x10/0x10 [jbd2]
+[709732.359476] ? kthread+0x116/0x130
+[709732.359481] ? kthread_park+0x80/0x80
+[709732.359488] ? ret_from_fork+0x1f/0x30
+[709732.359494] ---[ end trace 081a19978e5f09f5 ]---
+
+that is, nft_pipapo_avx2_lookup() uses the FPU running from a softirq
+that interrupted a kthread, also using the FPU.
+
+That's exactly the reason why irq_fpu_usable() is there: use it, and
+if we can't use the FPU, fall back to the non-AVX2 version of the
+lookup operation, i.e. nft_pipapo_lookup().
+
+The Linux kernel CVE team has assigned CVE-2021-47174 to this issue.
+
+
+Affected and fixed versions
+===========================
+
+ Issue introduced in 5.7 with commit 7400b063969b and fixed in 5.10.42 with commit b1f45a26bd32
+ Issue introduced in 5.7 with commit 7400b063969b and fixed in 5.12.9 with commit 727a2b4fc951
+ Issue introduced in 5.7 with commit 7400b063969b and fixed in 5.13 with commit f0b3d338064e
+
+Please see https://www.kernel.org for a full list of currently supported
+kernel versions by the kernel community.
+
+Unaffected versions might change over time as fixes are backported to
+older supported kernel versions. The official CVE entry at
+ https://cve.org/CVERecord/?id=CVE-2021-47174
+will be updated if fixes are backported, please check that for the most
+up to date information about this issue.
+
+
+Affected files
+==============
+
+The file(s) affected by this issue are:
+ net/netfilter/nft_set_pipapo.c
+ net/netfilter/nft_set_pipapo.h
+ net/netfilter/nft_set_pipapo_avx2.c
+
+
+Mitigation
+==========
+
+The Linux kernel CVE team recommends that you update to the latest
+stable kernel version for this, and many other bugfixes. Individual
+changes are never tested alone, but rather are part of a larger kernel
+release. Cherry-picking individual commits is not recommended or
+supported by the Linux kernel community at all. If however, updating to
+the latest release is impossible, the individual changes to resolve this
+issue can be found at these commits:
+ https://git.kernel.org/stable/c/b1f45a26bd322525c14edd9504f6d46dfad679a4
+ https://git.kernel.org/stable/c/727a2b4fc951ee69847d4904d98961856ea9fbe6
+ https://git.kernel.org/stable/c/f0b3d338064e1fe7531f0d2977e35f3b334abfb4
diff --git a/cve/published/2021/CVE-2021-47174.sha1 b/cve/published/2021/CVE-2021-47174.sha1
new file mode 100644
index 00000000..4f51a606
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47174.sha1
@@ -0,0 +1 @@
+f0b3d338064e1fe7531f0d2977e35f3b334abfb4
diff --git a/cve/reserved/2021/CVE-2021-47175 b/cve/published/2021/CVE-2021-47175
index e69de29b..e69de29b 100644
--- a/cve/reserved/2021/CVE-2021-47175
+++ b/cve/published/2021/CVE-2021-47175
diff --git a/cve/published/2021/CVE-2021-47175.json b/cve/published/2021/CVE-2021-47175.json
new file mode 100644
index 00000000..3530f23d
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47175.json
@@ -0,0 +1,103 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
+ },
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: fq_pie: fix OOB access in the traffic path\n\nthe following script:\n\n # tc qdisc add dev eth0 handle 0x1 root fq_pie flows 2\n # tc qdisc add dev eth0 clsact\n # tc filter add dev eth0 egress matchall action skbedit priority 0x10002\n # ping 192.0.2.2 -I eth0 -c2 -w1 -q\n\nproduces the following splat:\n\n BUG: KASAN: slab-out-of-bounds in fq_pie_qdisc_enqueue+0x1314/0x19d0 [sch_fq_pie]\n Read of size 4 at addr ffff888171306924 by task ping/942\n\n CPU: 3 PID: 942 Comm: ping Not tainted 5.12.0+ #441\n Hardware name: Red Hat KVM, BIOS 1.11.1-4.module+el8.1.0+4066+0f1aadab 04/01/2014\n Call Trace:\n dump_stack+0x92/0xc1\n print_address_description.constprop.7+0x1a/0x150\n kasan_report.cold.13+0x7f/0x111\n fq_pie_qdisc_enqueue+0x1314/0x19d0 [sch_fq_pie]\n __dev_queue_xmit+0x1034/0x2b10\n ip_finish_output2+0xc62/0x2120\n __ip_finish_output+0x553/0xea0\n ip_output+0x1ca/0x4d0\n ip_send_skb+0x37/0xa0\n raw_sendmsg+0x1c4b/0x2d00\n sock_sendmsg+0xdb/0x110\n __sys_sendto+0x1d7/0x2b0\n __x64_sys_sendto+0xdd/0x1b0\n do_syscall_64+0x3c/0x80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n RIP: 0033:0x7fe69735c3eb\n Code: 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 f3 0f 1e fa 48 8d 05 75 42 2c 00 41 89 ca 8b 00 85 c0 75 14 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 75 c3 0f 1f 40 00 41 57 4d 89 c7 41 56 41 89\n RSP: 002b:00007fff06d7fb38 EFLAGS: 00000246 ORIG_RAX: 000000000000002c\n RAX: ffffffffffffffda RBX: 000055e961413700 RCX: 00007fe69735c3eb\n RDX: 0000000000000040 RSI: 000055e961413700 RDI: 0000000000000003\n RBP: 0000000000000040 R08: 000055e961410500 R09: 0000000000000010\n R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff06d81260\n R13: 00007fff06d7fb40 R14: 00007fff06d7fc30 R15: 000055e96140f0a0\n\n Allocated by task 917:\n kasan_save_stack+0x19/0x40\n __kasan_kmalloc+0x7f/0xa0\n __kmalloc_node+0x139/0x280\n fq_pie_init+0x555/0x8e8 [sch_fq_pie]\n 
qdisc_create+0x407/0x11b0\n tc_modify_qdisc+0x3c2/0x17e0\n rtnetlink_rcv_msg+0x346/0x8e0\n netlink_rcv_skb+0x120/0x380\n netlink_unicast+0x439/0x630\n netlink_sendmsg+0x719/0xbf0\n sock_sendmsg+0xe2/0x110\n ____sys_sendmsg+0x5ba/0x890\n ___sys_sendmsg+0xe9/0x160\n __sys_sendmsg+0xd3/0x170\n do_syscall_64+0x3c/0x80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\n The buggy address belongs to the object at ffff888171306800\n which belongs to the cache kmalloc-256 of size 256\n The buggy address is located 36 bytes to the right of\n 256-byte region [ffff888171306800, ffff888171306900)\n The buggy address belongs to the page:\n page:00000000bcfb624e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x171306\n head:00000000bcfb624e order:1 compound_mapcount:0\n flags: 0x17ffffc0010200(slab|head|node=0|zone=2|lastcpupid=0x1fffff)\n raw: 0017ffffc0010200 dead000000000100 dead000000000122 ffff888100042b40\n raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000\n page dumped because: kasan: bad access detected\n\n Memory state around the buggy address:\n ffff888171306800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n ffff888171306880: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc\n >ffff888171306900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n ^\n ffff888171306980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n ffff888171306a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n\nfix fq_pie traffic path to avoid selecting 'q->flows + q->flows_cnt' as a\nvalid flow: it's an address beyond the allocated memory."
+ }
+ ],
+ "affected": [
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "unaffected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "ec97ecf1ebe4",
+ "lessThan": "e6294c06e7c6",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "ec97ecf1ebe4",
+ "lessThan": "7a1bdec12e43",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "ec97ecf1ebe4",
+ "lessThan": "e70f7a11876a",
+ "status": "affected",
+ "versionType": "git"
+ }
+ ]
+ },
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "affected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "5.6",
+ "status": "affected"
+ },
+ {
+ "version": "0",
+ "lessThan": "5.6",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.10.42",
+ "lessThanOrEqual": "5.10.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.12.9",
+ "lessThanOrEqual": "5.12.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.13",
+ "lessThanOrEqual": "*",
+ "status": "unaffected",
+ "versionType": "original_commit_for_fix"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/e6294c06e7c62ffdd5bf3df696d3a4fcbb753d3c"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/7a1bdec12e43e29cc34a4394590337069d8812ce"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/e70f7a11876a1a788ceadf75e9e5f7af2c868680"
+ }
+ ],
+ "title": "net/sched: fq_pie: fix OOB access in the traffic path",
+ "x_generator": {
+ "engine": "bippy-b4257b672505"
+ }
+ }
+ },
+ "cveMetadata": {
+ "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
+ "cveID": "CVE-2021-47175",
+ "requesterUserId": "gregkh@kernel.org",
+ "serial": "1",
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
diff --git a/cve/published/2021/CVE-2021-47175.mbox b/cve/published/2021/CVE-2021-47175.mbox
new file mode 100644
index 00000000..0603c804
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47175.mbox
@@ -0,0 +1,144 @@
+From bippy-b4257b672505 Mon Sep 17 00:00:00 2001
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+To: <linux-cve-announce@vger.kernel.org>
+Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
+Subject: CVE-2021-47175: net/sched: fq_pie: fix OOB access in the traffic path
+Message-Id: <2024032537-CVE-2021-47175-5b85@gregkh>
+Content-Length: 5168
+Lines: 127
+X-Developer-Signature: v=1; a=openpgp-sha256; l=5296;
+ i=gregkh@linuxfoundation.org; h=from:subject:message-id;
+ bh=vOGkbkscP463eZtxAksRDLtcszWrDtFL8KDEROR5VwA=;
+ b=owGbwMvMwCRo6H6F97bub03G02pJDGmMDl9/rjl++tSdgw/LwyR3JT/YMe8dqyX/6glcs3+bt
+ ToK/guQ6YhlYRBkYpAVU2T5so3n6P6KQ4pehranYeawMoEMYeDiFICJKJxkWHA9fuP7xntWe9XW
+ hdxLnPBQueLSUXmG+b7ir18Gtay7f2ppzvukq2/aroZeSwUA
+X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp;
+ fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29
+
+Description
+===========
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+net/sched: fq_pie: fix OOB access in the traffic path
+
+the following script:
+
+ # tc qdisc add dev eth0 handle 0x1 root fq_pie flows 2
+ # tc qdisc add dev eth0 clsact
+ # tc filter add dev eth0 egress matchall action skbedit priority 0x10002
+ # ping 192.0.2.2 -I eth0 -c2 -w1 -q
+
+produces the following splat:
+
+ BUG: KASAN: slab-out-of-bounds in fq_pie_qdisc_enqueue+0x1314/0x19d0 [sch_fq_pie]
+ Read of size 4 at addr ffff888171306924 by task ping/942
+
+ CPU: 3 PID: 942 Comm: ping Not tainted 5.12.0+ #441
+ Hardware name: Red Hat KVM, BIOS 1.11.1-4.module+el8.1.0+4066+0f1aadab 04/01/2014
+ Call Trace:
+ dump_stack+0x92/0xc1
+ print_address_description.constprop.7+0x1a/0x150
+ kasan_report.cold.13+0x7f/0x111
+ fq_pie_qdisc_enqueue+0x1314/0x19d0 [sch_fq_pie]
+ __dev_queue_xmit+0x1034/0x2b10
+ ip_finish_output2+0xc62/0x2120
+ __ip_finish_output+0x553/0xea0
+ ip_output+0x1ca/0x4d0
+ ip_send_skb+0x37/0xa0
+ raw_sendmsg+0x1c4b/0x2d00
+ sock_sendmsg+0xdb/0x110
+ __sys_sendto+0x1d7/0x2b0
+ __x64_sys_sendto+0xdd/0x1b0
+ do_syscall_64+0x3c/0x80
+ entry_SYSCALL_64_after_hwframe+0x44/0xae
+ RIP: 0033:0x7fe69735c3eb
+ Code: 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 f3 0f 1e fa 48 8d 05 75 42 2c 00 41 89 ca 8b 00 85 c0 75 14 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 75 c3 0f 1f 40 00 41 57 4d 89 c7 41 56 41 89
+ RSP: 002b:00007fff06d7fb38 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
+ RAX: ffffffffffffffda RBX: 000055e961413700 RCX: 00007fe69735c3eb
+ RDX: 0000000000000040 RSI: 000055e961413700 RDI: 0000000000000003
+ RBP: 0000000000000040 R08: 000055e961410500 R09: 0000000000000010
+ R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff06d81260
+ R13: 00007fff06d7fb40 R14: 00007fff06d7fc30 R15: 000055e96140f0a0
+
+ Allocated by task 917:
+ kasan_save_stack+0x19/0x40
+ __kasan_kmalloc+0x7f/0xa0
+ __kmalloc_node+0x139/0x280
+ fq_pie_init+0x555/0x8e8 [sch_fq_pie]
+ qdisc_create+0x407/0x11b0
+ tc_modify_qdisc+0x3c2/0x17e0
+ rtnetlink_rcv_msg+0x346/0x8e0
+ netlink_rcv_skb+0x120/0x380
+ netlink_unicast+0x439/0x630
+ netlink_sendmsg+0x719/0xbf0
+ sock_sendmsg+0xe2/0x110
+ ____sys_sendmsg+0x5ba/0x890
+ ___sys_sendmsg+0xe9/0x160
+ __sys_sendmsg+0xd3/0x170
+ do_syscall_64+0x3c/0x80
+ entry_SYSCALL_64_after_hwframe+0x44/0xae
+
+ The buggy address belongs to the object at ffff888171306800
+ which belongs to the cache kmalloc-256 of size 256
+ The buggy address is located 36 bytes to the right of
+ 256-byte region [ffff888171306800, ffff888171306900)
+ The buggy address belongs to the page:
+ page:00000000bcfb624e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x171306
+ head:00000000bcfb624e order:1 compound_mapcount:0
+ flags: 0x17ffffc0010200(slab|head|node=0|zone=2|lastcpupid=0x1fffff)
+ raw: 0017ffffc0010200 dead000000000100 dead000000000122 ffff888100042b40
+ raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
+ page dumped because: kasan: bad access detected
+
+ Memory state around the buggy address:
+ ffff888171306800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ ffff888171306880: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
+ >ffff888171306900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
+ ^
+ ffff888171306980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
+ ffff888171306a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
+
+fix fq_pie traffic path to avoid selecting 'q->flows + q->flows_cnt' as a
+valid flow: it's an address beyond the allocated memory.
+
+The Linux kernel CVE team has assigned CVE-2021-47175 to this issue.
+
+
+Affected and fixed versions
+===========================
+
+ Issue introduced in 5.6 with commit ec97ecf1ebe4 and fixed in 5.10.42 with commit e6294c06e7c6
+ Issue introduced in 5.6 with commit ec97ecf1ebe4 and fixed in 5.12.9 with commit 7a1bdec12e43
+ Issue introduced in 5.6 with commit ec97ecf1ebe4 and fixed in 5.13 with commit e70f7a11876a
+
+Please see https://www.kernel.org for a full list of currently supported
+kernel versions by the kernel community.
+
+Unaffected versions might change over time as fixes are backported to
+older supported kernel versions. The official CVE entry at
+ https://cve.org/CVERecord/?id=CVE-2021-47175
+will be updated if fixes are backported, please check that for the most
+up to date information about this issue.
+
+
+Affected files
+==============
+
+The file(s) affected by this issue are:
+ net/sched/sch_fq_pie.c
+
+
+Mitigation
+==========
+
+The Linux kernel CVE team recommends that you update to the latest
+stable kernel version for this, and many other bugfixes. Individual
+changes are never tested alone, but rather are part of a larger kernel
+release. Cherry-picking individual commits is not recommended or
+supported by the Linux kernel community at all. If however, updating to
+the latest release is impossible, the individual changes to resolve this
+issue can be found at these commits:
+ https://git.kernel.org/stable/c/e6294c06e7c62ffdd5bf3df696d3a4fcbb753d3c
+ https://git.kernel.org/stable/c/7a1bdec12e43e29cc34a4394590337069d8812ce
+ https://git.kernel.org/stable/c/e70f7a11876a1a788ceadf75e9e5f7af2c868680
diff --git a/cve/published/2021/CVE-2021-47175.sha1 b/cve/published/2021/CVE-2021-47175.sha1
new file mode 100644
index 00000000..6c48ce49
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47175.sha1
@@ -0,0 +1 @@
+e70f7a11876a1a788ceadf75e9e5f7af2c868680
diff --git a/cve/reserved/2021/CVE-2021-47176 b/cve/published/2021/CVE-2021-47176
index e69de29b..e69de29b 100644
--- a/cve/reserved/2021/CVE-2021-47176
+++ b/cve/published/2021/CVE-2021-47176
diff --git a/cve/published/2021/CVE-2021-47176.json b/cve/published/2021/CVE-2021-47176.json
new file mode 100644
index 00000000..5af767ad
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47176.json
@@ -0,0 +1,108 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
+ },
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/dasd: add missing discipline function\n\nFix crash with illegal operation exception in dasd_device_tasklet.\nCommit b72949328869 (\"s390/dasd: Prepare for additional path event handling\")\nrenamed the verify_path function for ECKD but not for FBA and DIAG.\nThis leads to a panic when the path verification function is called for a\nFBA or DIAG device.\n\nFix by defining a wrapper function for dasd_generic_verify_path()."
+ }
+ ],
+ "affected": [
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "unaffected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "8bc5a76268fb",
+ "lessThan": "6a16810068e7",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "72aebdac390b",
+ "lessThan": "aa8579bc0846",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "b72949328869",
+ "lessThan": "a16be88a3d7e",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "b72949328869",
+ "lessThan": "c0c8a8397fa8",
+ "status": "affected",
+ "versionType": "git"
+ }
+ ]
+ },
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "affected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "5.4.237",
+ "lessThanOrEqual": "5.4.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.10.175",
+ "lessThanOrEqual": "5.10.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.12.9",
+ "lessThanOrEqual": "5.12.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.13",
+ "lessThanOrEqual": "*",
+ "status": "unaffected",
+ "versionType": "original_commit_for_fix"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/6a16810068e70959bc1df686424aa35ce05578f1"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/aa8579bc084673c651204f7cd0d6308a47dffc16"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/a16be88a3d7e5efcb59a15edea87a8bd369630c6"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/c0c8a8397fa8a74d04915f4d3d28cb4a5d401427"
+ }
+ ],
+ "title": "s390/dasd: add missing discipline function",
+ "x_generator": {
+ "engine": "bippy-b4257b672505"
+ }
+ }
+ },
+ "cveMetadata": {
+ "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
+ "cveID": "CVE-2021-47176",
+ "requesterUserId": "gregkh@kernel.org",
+ "serial": "1",
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
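Review bot: The second `affected` entry (the release-number one, with `"defaultStatus": "affected"`) lists only the fixed ranges and gives no lower bound, so a scanner reading it will report every kernel below 5.4.237 and 5.10.175 as affected. The git-range entry above it and the announcement text in the .mbox file place the introduction at 5.4.235, 5.10.173 and 5.11, and the neighbouring records (CVE-2021-47175, CVE-2021-47177) carry a `"version": "0", "lessThan": ...` unaffected entry that this one lacks. I would state the introduction points per branch, for example `{"version": "5.4.235", "lessThan": "5.4.237", "status": "affected", "versionType": "custom"}` and likewise for 5.10.173 to 5.10.175 and 5.11 to 5.12.9, with `defaultStatus` switched to `unaffected`. Whether the generator can emit that for an issue introduced separately on several branches is not visible here.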
diff --git a/cve/published/2021/CVE-2021-47176.mbox b/cve/published/2021/CVE-2021-47176.mbox
new file mode 100644
index 00000000..09018880
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47176.mbox
@@ -0,0 +1,76 @@
+From bippy-b4257b672505 Mon Sep 17 00:00:00 2001
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+To: <linux-cve-announce@vger.kernel.org>
+Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
+Subject: CVE-2021-47176: s390/dasd: add missing discipline function
+Message-Id: <2024032538-CVE-2021-47176-015a@gregkh>
+Content-Length: 2382
+Lines: 59
+X-Developer-Signature: v=1; a=openpgp-sha256; l=2442;
+ i=gregkh@linuxfoundation.org; h=from:subject:message-id;
+ bh=GRU8Jqr/rDY+OLZ0kzMB86jYXhgu3LIKzDMlD3lkDHQ=;
+ b=owGbwMvMwCRo6H6F97bub03G02pJDGmMDt9MXhutCt+x+IatjsPpxAbthTE+C1au0A9Tb+7MX
+ /NzvYFpRywLgyATg6yYIsuXbTxH91ccUvQytD0NM4eVCWQIAxenAEzkzCSGBdMrfHpaTsXb7qzp
+ Nb2z9cX1g1+eMjAs2CZQ/qdYwtbG5FbKrt9X78kz8TmtBQA=
+X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp;
+ fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29
+
+Description
+===========
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+s390/dasd: add missing discipline function
+
+Fix crash with illegal operation exception in dasd_device_tasklet.
+Commit b72949328869 ("s390/dasd: Prepare for additional path event handling")
+renamed the verify_path function for ECKD but not for FBA and DIAG.
+This leads to a panic when the path verification function is called for a
+FBA or DIAG device.
+
+Fix by defining a wrapper function for dasd_generic_verify_path().
+
+The Linux kernel CVE team has assigned CVE-2021-47176 to this issue.
+
+
+Affected and fixed versions
+===========================
+
+ Issue introduced in 5.4.235 with commit 8bc5a76268fb and fixed in 5.4.237 with commit 6a16810068e7
+ Issue introduced in 5.10.173 with commit 72aebdac390b and fixed in 5.10.175 with commit aa8579bc0846
+ Issue introduced in 5.11 with commit b72949328869 and fixed in 5.12.9 with commit a16be88a3d7e
+ Issue introduced in 5.11 with commit b72949328869 and fixed in 5.13 with commit c0c8a8397fa8
+
+Please see https://www.kernel.org for a full list of currently supported
+kernel versions by the kernel community.
+
+Unaffected versions might change over time as fixes are backported to
+older supported kernel versions. The official CVE entry at
+ https://cve.org/CVERecord/?id=CVE-2021-47176
+will be updated if fixes are backported, please check that for the most
+up to date information about this issue.
+
+
+Affected files
+==============
+
+The file(s) affected by this issue are:
+ drivers/s390/block/dasd_diag.c
+ drivers/s390/block/dasd_fba.c
+ drivers/s390/block/dasd_int.h
+
+
+Mitigation
+==========
+
+The Linux kernel CVE team recommends that you update to the latest
+stable kernel version for this, and many other bugfixes. Individual
+changes are never tested alone, but rather are part of a larger kernel
+release. Cherry-picking individual commits is not recommended or
+supported by the Linux kernel community at all. If however, updating to
+the latest release is impossible, the individual changes to resolve this
+issue can be found at these commits:
+ https://git.kernel.org/stable/c/6a16810068e70959bc1df686424aa35ce05578f1
+ https://git.kernel.org/stable/c/aa8579bc084673c651204f7cd0d6308a47dffc16
+ https://git.kernel.org/stable/c/a16be88a3d7e5efcb59a15edea87a8bd369630c6
+ https://git.kernel.org/stable/c/c0c8a8397fa8a74d04915f4d3d28cb4a5d401427
diff --git a/cve/published/2021/CVE-2021-47176.sha1 b/cve/published/2021/CVE-2021-47176.sha1
new file mode 100644
index 00000000..b8c2af37
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47176.sha1
@@ -0,0 +1 @@
+c0c8a8397fa8a74d04915f4d3d28cb4a5d401427
diff --git a/cve/reserved/2021/CVE-2021-47177 b/cve/published/2021/CVE-2021-47177
index e69de29b..e69de29b 100644
--- a/cve/reserved/2021/CVE-2021-47177
+++ b/cve/published/2021/CVE-2021-47177
diff --git a/cve/published/2021/CVE-2021-47177.json b/cve/published/2021/CVE-2021-47177.json
new file mode 100644
index 00000000..f3f29095
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47177.json
@@ -0,0 +1,148 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
+ },
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Fix sysfs leak in alloc_iommu()\n\niommu_device_sysfs_add() is called before, so is has to be cleaned on subsequent\nerrors."
+ }
+ ],
+ "affected": [
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "unaffected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "39ab9555c2411",
+ "lessThan": "22da9f497838",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "39ab9555c2411",
+ "lessThan": "2ec5e9bb6b05",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "39ab9555c2411",
+ "lessThan": "044bbe8b92ab",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "39ab9555c2411",
+ "lessThan": "f01134321d04",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "39ab9555c2411",
+ "lessThan": "ca466561eef3",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "39ab9555c2411",
+ "lessThan": "0ee74d5a4863",
+ "status": "affected",
+ "versionType": "git"
+ }
+ ]
+ },
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "affected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "4.11",
+ "status": "affected"
+ },
+ {
+ "version": "0",
+ "lessThan": "4.11",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "4.14.235",
+ "lessThanOrEqual": "4.14.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "4.19.193",
+ "lessThanOrEqual": "4.19.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.4.124",
+ "lessThanOrEqual": "5.4.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.10.42",
+ "lessThanOrEqual": "5.10.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.12.9",
+ "lessThanOrEqual": "5.12.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.13",
+ "lessThanOrEqual": "*",
+ "status": "unaffected",
+ "versionType": "original_commit_for_fix"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/22da9f4978381a99f1abaeaf6c9b83be6ab5ddd8"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/2ec5e9bb6b0560c90d315559c28a99723c80b996"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/044bbe8b92ab4e542de7f6c93c88ea65cccd8e29"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/f01134321d04f47c718bb41b799bcdeda27873d2"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/ca466561eef36d1ec657673e3944eb6340bddb5b"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/0ee74d5a48635c848c20f152d0d488bf84641304"
+ }
+ ],
+ "title": "iommu/vt-d: Fix sysfs leak in alloc_iommu()",
+ "x_generator": {
+ "engine": "bippy-b4257b672505"
+ }
+ }
+ },
+ "cveMetadata": {
+ "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
+ "cveID": "CVE-2021-47177",
+ "requesterUserId": "gregkh@kernel.org",
+ "serial": "1",
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
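Review bot: In the git-range `versions` list the introducing commit is written as `39ab9555c2411`, 13 hex digits, while every `lessThan` value in this record and every git id in the neighbouring records uses 12. A consumer that compares these ids as fixed-width strings, or keys on the 12-character form, will not match this record's introduction point. I would normalise it to `"version": "39ab9555c241"`, or emit full 40-character ids as the `references` URLs already do. The same 13-character string is repeated in the accompanying .mbox text.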
diff --git a/cve/published/2021/CVE-2021-47177.mbox b/cve/published/2021/CVE-2021-47177.mbox
new file mode 100644
index 00000000..0fdacb24
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47177.mbox
@@ -0,0 +1,73 @@
+From bippy-b4257b672505 Mon Sep 17 00:00:00 2001
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+To: <linux-cve-announce@vger.kernel.org>
+Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
+Subject: CVE-2021-47177: iommu/vt-d: Fix sysfs leak in alloc_iommu()
+Message-Id: <2024032538-CVE-2021-47177-4d4a@gregkh>
+Content-Length: 2373
+Lines: 56
+X-Developer-Signature: v=1; a=openpgp-sha256; l=2430;
+ i=gregkh@linuxfoundation.org; h=from:subject:message-id;
+ bh=vZTRc1ZZN3fEokeChnJKTIATNPAUTWlbizXU851mnkU=;
+ b=owGbwMvMwCRo6H6F97bub03G02pJDGmMDt90THZM+hPJsZpNxPz041tfXNmsGxt3W4iLv9u2x
+ 2l6kXpURywLgyATg6yYIsuXbTxH91ccUvQytD0NM4eVCWQIAxenAEzkxwuG+W7vr2atvDR1+43j
+ dq+XiLJNbGvZuohhwbY1pq6exkzJGQm7Mkxi+Iu8/WRjAQ==
+X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp;
+ fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29
+
+Description
+===========
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+iommu/vt-d: Fix sysfs leak in alloc_iommu()
+
+iommu_device_sysfs_add() is called before, so is has to be cleaned on subsequent
+errors.
+
+The Linux kernel CVE team has assigned CVE-2021-47177 to this issue.
+
+
+Affected and fixed versions
+===========================
+
+ Issue introduced in 4.11 with commit 39ab9555c2411 and fixed in 4.14.235 with commit 22da9f497838
+ Issue introduced in 4.11 with commit 39ab9555c2411 and fixed in 4.19.193 with commit 2ec5e9bb6b05
+ Issue introduced in 4.11 with commit 39ab9555c2411 and fixed in 5.4.124 with commit 044bbe8b92ab
+ Issue introduced in 4.11 with commit 39ab9555c2411 and fixed in 5.10.42 with commit f01134321d04
+ Issue introduced in 4.11 with commit 39ab9555c2411 and fixed in 5.12.9 with commit ca466561eef3
+ Issue introduced in 4.11 with commit 39ab9555c2411 and fixed in 5.13 with commit 0ee74d5a4863
+
+Please see https://www.kernel.org for a full list of currently supported
+kernel versions by the kernel community.
+
+Unaffected versions might change over time as fixes are backported to
+older supported kernel versions. The official CVE entry at
+ https://cve.org/CVERecord/?id=CVE-2021-47177
+will be updated if fixes are backported, please check that for the most
+up to date information about this issue.
+
+
+Affected files
+==============
+
+The file(s) affected by this issue are:
+ drivers/iommu/intel/dmar.c
+
+
+Mitigation
+==========
+
+The Linux kernel CVE team recommends that you update to the latest
+stable kernel version for this, and many other bugfixes. Individual
+changes are never tested alone, but rather are part of a larger kernel
+release. Cherry-picking individual commits is not recommended or
+supported by the Linux kernel community at all. If however, updating to
+the latest release is impossible, the individual changes to resolve this
+issue can be found at these commits:
+ https://git.kernel.org/stable/c/22da9f4978381a99f1abaeaf6c9b83be6ab5ddd8
+ https://git.kernel.org/stable/c/2ec5e9bb6b0560c90d315559c28a99723c80b996
+ https://git.kernel.org/stable/c/044bbe8b92ab4e542de7f6c93c88ea65cccd8e29
+ https://git.kernel.org/stable/c/f01134321d04f47c718bb41b799bcdeda27873d2
+ https://git.kernel.org/stable/c/ca466561eef36d1ec657673e3944eb6340bddb5b
+ https://git.kernel.org/stable/c/0ee74d5a48635c848c20f152d0d488bf84641304
diff --git a/cve/published/2021/CVE-2021-47177.sha1 b/cve/published/2021/CVE-2021-47177.sha1
new file mode 100644
index 00000000..c53b0508
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47177.sha1
@@ -0,0 +1 @@
+0ee74d5a48635c848c20f152d0d488bf84641304
diff --git a/cve/reserved/2021/CVE-2021-47178 b/cve/published/2021/CVE-2021-47178
index e69de29b..e69de29b 100644
--- a/cve/reserved/2021/CVE-2021-47178
+++ b/cve/published/2021/CVE-2021-47178
diff --git a/cve/published/2021/CVE-2021-47178.json b/cve/published/2021/CVE-2021-47178.json
new file mode 100644
index 00000000..225a1032
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47178.json
@@ -0,0 +1,88 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
+ },
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: core: Avoid smp_processor_id() in preemptible code\n\nThe BUG message \"BUG: using smp_processor_id() in preemptible [00000000]\ncode\" was observed for TCMU devices with kernel config DEBUG_PREEMPT.\n\nThe message was observed when blktests block/005 was run on TCMU devices\nwith fileio backend or user:zbc backend [1]. The commit 1130b499b4a7\n(\"scsi: target: tcm_loop: Use LIO wq cmd submission helper\") triggered the\nsymptom. The commit modified work queue to handle commands and changed\n'current->nr_cpu_allowed' at smp_processor_id() call.\n\nThe message was also observed at system shutdown when TCMU devices were not\ncleaned up [2]. The function smp_processor_id() was called in SCSI host\nwork queue for abort handling, and triggered the BUG message. This symptom\nwas observed regardless of the commit 1130b499b4a7 (\"scsi: target:\ntcm_loop: Use LIO wq cmd submission helper\").\n\nTo avoid the preemptible code check at smp_processor_id(), get CPU ID with\nraw_smp_processor_id() instead. 
The CPU ID is used for performance\nimprovement then thread move to other CPU will not affect the code.\n\n[1]\n\n[ 56.468103] run blktests block/005 at 2021-05-12 14:16:38\n[ 57.369473] check_preemption_disabled: 85 callbacks suppressed\n[ 57.369480] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1511\n[ 57.369506] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1510\n[ 57.369512] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1506\n[ 57.369552] caller is __target_init_cmd+0x157/0x170 [target_core_mod]\n[ 57.369606] CPU: 4 PID: 1506 Comm: fio Not tainted 5.13.0-rc1+ #34\n[ 57.369613] Hardware name: System manufacturer System Product Name/PRIME Z270-A, BIOS 1302 03/15/2018\n[ 57.369617] Call Trace:\n[ 57.369621] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1507\n[ 57.369628] dump_stack+0x6d/0x89\n[ 57.369642] check_preemption_disabled+0xc8/0xd0\n[ 57.369628] caller is __target_init_cmd+0x157/0x170 [target_core_mod]\n[ 57.369655] __target_init_cmd+0x157/0x170 [target_core_mod]\n[ 57.369695] target_init_cmd+0x76/0x90 [target_core_mod]\n[ 57.369732] tcm_loop_queuecommand+0x109/0x210 [tcm_loop]\n[ 57.369744] scsi_queue_rq+0x38e/0xc40\n[ 57.369761] __blk_mq_try_issue_directly+0x109/0x1c0\n[ 57.369779] blk_mq_try_issue_directly+0x43/0x90\n[ 57.369790] blk_mq_submit_bio+0x4e5/0x5d0\n[ 57.369812] submit_bio_noacct+0x46e/0x4e0\n[ 57.369830] __blkdev_direct_IO_simple+0x1a3/0x2d0\n[ 57.369859] ? set_init_blocksize.isra.0+0x60/0x60\n[ 57.369880] generic_file_read_iter+0x89/0x160\n[ 57.369898] blkdev_read_iter+0x44/0x60\n[ 57.369906] new_sync_read+0x102/0x170\n[ 57.369929] vfs_read+0xd4/0x160\n[ 57.369941] __x64_sys_pread64+0x6e/0xa0\n[ 57.369946] ? 
lockdep_hardirqs_on+0x79/0x100\n[ 57.369958] do_syscall_64+0x3a/0x70\n[ 57.369965] entry_SYSCALL_64_after_hwframe+0x44/0xae\n[ 57.369973] RIP: 0033:0x7f7ed4c1399f\n[ 57.369979] Code: 08 89 3c 24 48 89 4c 24 18 e8 7d f3 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 11 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 cd f3 ff ff 48 8b\n[ 57.369983] RSP: 002b:00007ffd7918c580 EFLAGS: 00000293 ORIG_RAX: 0000000000000011\n[ 57.369990] RAX: ffffffffffffffda RBX: 00000000015b4540 RCX: 00007f7ed4c1399f\n[ 57.369993] RDX: 0000000000001000 RSI: 00000000015de000 RDI: 0000000000000009\n[ 57.369996] RBP: 00000000015b4540 R08: 0000000000000000 R09: 0000000000000001\n[ 57.369999] R10: 0000000000e5c000 R11: 0000000000000293 R12: 00007f7eb5269a70\n[ 57.370002] R13: 0000000000000000 R14: 0000000000001000 R15: 00000000015b4568\n[ 57.370031] CPU: 7 PID: 1507 Comm: fio Not tainted 5.13.0-rc1+ #34\n[ 57.370036] Hardware name: System manufacturer System Product Name/PRIME Z270-A, BIOS 1302 03/15/2018\n[ 57.370039] Call Trace:\n[ 57.370045] dump_stack+0x6d/0x89\n[ 57.370056] ch\n---truncated---"
+ }
+ ],
+ "affected": [
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "unaffected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "1526d9f10c61",
+ "lessThan": "a20b6eaf4f35",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "1526d9f10c61",
+ "lessThan": "70ca3c57ff91",
+ "status": "affected",
+ "versionType": "git"
+ }
+ ]
+ },
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "affected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "5.11",
+ "status": "affected"
+ },
+ {
+ "version": "0",
+ "lessThan": "5.11",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.12.9",
+ "lessThanOrEqual": "5.12.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.13",
+ "lessThanOrEqual": "*",
+ "status": "unaffected",
+ "versionType": "original_commit_for_fix"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/a20b6eaf4f35046a429cde57bee7eb5f13d6857f"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/70ca3c57ff914113f681e657634f7fbfa68e1ad1"
+ }
+ ],
+ "title": "scsi: target: core: Avoid smp_processor_id() in preemptible code",
+ "x_generator": {
+ "engine": "bippy-b4257b672505"
+ }
+ }
+ },
+ "cveMetadata": {
+ "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
+ "cveID": "CVE-2021-47178",
+ "requesterUserId": "gregkh@kernel.org",
+ "serial": "1",
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
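Review bot: The `value` string under `descriptions` ends in `ch\n---truncated---`, cut in the middle of a symbol inside the second copy of the call trace, so the record stops partway through log output and never reaches the `[2]` shutdown trace that the prose refers to. The four prose paragraphs up to "will not affect the code." already carry the whole explanation, including that the BUG message was seen with DEBUG_PREEMPT. Presumably the cut comes from a length limit on the field; ending the JSON description after that prose and leaving the dmesg output to the .mbox, which has it in full, would give consumers a complete description rather than a clipped one.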
diff --git a/cve/published/2021/CVE-2021-47178.mbox b/cve/published/2021/CVE-2021-47178.mbox
new file mode 100644
index 00000000..b243364f
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47178.mbox
@@ -0,0 +1,155 @@
+From bippy-b4257b672505 Mon Sep 17 00:00:00 2001
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+To: <linux-cve-announce@vger.kernel.org>
+Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
+Subject: CVE-2021-47178: scsi: target: core: Avoid smp_processor_id() in preemptible code
+Message-Id: <2024032538-CVE-2021-47178-6167@gregkh>
+Content-Length: 6800
+Lines: 138
+X-Developer-Signature: v=1; a=openpgp-sha256; l=6939;
+ i=gregkh@linuxfoundation.org; h=from:subject:message-id;
+ bh=rYsQUTShoYDlusD7fvFVJ/P2Z7AUDOsmOSCfiyMvMW0=;
+ b=owGbwMvMwCRo6H6F97bub03G02pJDGmMDt/2Rxc6m+9g/y5hfL8ybHZ68+2E22kHXtp1rFM/e
+ +H29NQtHbEsDIJMDLJiiixftvEc3V9xSNHL0PY0zBxWJpAhDFycAjARRQ6G+X7q02YoztqQOiVC
+ XXxCau005tqvTAwL5s5bvH5qD/9R3poCs41zYyaX7IypAQA=
+X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp;
+ fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29
+
+Description
+===========
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+scsi: target: core: Avoid smp_processor_id() in preemptible code
+
+The BUG message "BUG: using smp_processor_id() in preemptible [00000000]
+code" was observed for TCMU devices with kernel config DEBUG_PREEMPT.
+
+The message was observed when blktests block/005 was run on TCMU devices
+with fileio backend or user:zbc backend [1]. The commit 1130b499b4a7
+("scsi: target: tcm_loop: Use LIO wq cmd submission helper") triggered the
+symptom. The commit modified work queue to handle commands and changed
+'current->nr_cpu_allowed' at smp_processor_id() call.
+
+The message was also observed at system shutdown when TCMU devices were not
+cleaned up [2]. The function smp_processor_id() was called in SCSI host
+work queue for abort handling, and triggered the BUG message. This symptom
+was observed regardless of the commit 1130b499b4a7 ("scsi: target:
+tcm_loop: Use LIO wq cmd submission helper").
+
+To avoid the preemptible code check at smp_processor_id(), get CPU ID with
+raw_smp_processor_id() instead. The CPU ID is used for performance
+improvement then thread move to other CPU will not affect the code.
+
+[1]
+
+[ 56.468103] run blktests block/005 at 2021-05-12 14:16:38
+[ 57.369473] check_preemption_disabled: 85 callbacks suppressed
+[ 57.369480] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1511
+[ 57.369506] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1510
+[ 57.369512] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1506
+[ 57.369552] caller is __target_init_cmd+0x157/0x170 [target_core_mod]
+[ 57.369606] CPU: 4 PID: 1506 Comm: fio Not tainted 5.13.0-rc1+ #34
+[ 57.369613] Hardware name: System manufacturer System Product Name/PRIME Z270-A, BIOS 1302 03/15/2018
+[ 57.369617] Call Trace:
+[ 57.369621] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1507
+[ 57.369628] dump_stack+0x6d/0x89
+[ 57.369642] check_preemption_disabled+0xc8/0xd0
+[ 57.369628] caller is __target_init_cmd+0x157/0x170 [target_core_mod]
+[ 57.369655] __target_init_cmd+0x157/0x170 [target_core_mod]
+[ 57.369695] target_init_cmd+0x76/0x90 [target_core_mod]
+[ 57.369732] tcm_loop_queuecommand+0x109/0x210 [tcm_loop]
+[ 57.369744] scsi_queue_rq+0x38e/0xc40
+[ 57.369761] __blk_mq_try_issue_directly+0x109/0x1c0
+[ 57.369779] blk_mq_try_issue_directly+0x43/0x90
+[ 57.369790] blk_mq_submit_bio+0x4e5/0x5d0
+[ 57.369812] submit_bio_noacct+0x46e/0x4e0
+[ 57.369830] __blkdev_direct_IO_simple+0x1a3/0x2d0
+[ 57.369859] ? set_init_blocksize.isra.0+0x60/0x60
+[ 57.369880] generic_file_read_iter+0x89/0x160
+[ 57.369898] blkdev_read_iter+0x44/0x60
+[ 57.369906] new_sync_read+0x102/0x170
+[ 57.369929] vfs_read+0xd4/0x160
+[ 57.369941] __x64_sys_pread64+0x6e/0xa0
+[ 57.369946] ? lockdep_hardirqs_on+0x79/0x100
+[ 57.369958] do_syscall_64+0x3a/0x70
+[ 57.369965] entry_SYSCALL_64_after_hwframe+0x44/0xae
+[ 57.369973] RIP: 0033:0x7f7ed4c1399f
+[ 57.369979] Code: 08 89 3c 24 48 89 4c 24 18 e8 7d f3 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 11 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 cd f3 ff ff 48 8b
+[ 57.369983] RSP: 002b:00007ffd7918c580 EFLAGS: 00000293 ORIG_RAX: 0000000000000011
+[ 57.369990] RAX: ffffffffffffffda RBX: 00000000015b4540 RCX: 00007f7ed4c1399f
+[ 57.369993] RDX: 0000000000001000 RSI: 00000000015de000 RDI: 0000000000000009
+[ 57.369996] RBP: 00000000015b4540 R08: 0000000000000000 R09: 0000000000000001
+[ 57.369999] R10: 0000000000e5c000 R11: 0000000000000293 R12: 00007f7eb5269a70
+[ 57.370002] R13: 0000000000000000 R14: 0000000000001000 R15: 00000000015b4568
+[ 57.370031] CPU: 7 PID: 1507 Comm: fio Not tainted 5.13.0-rc1+ #34
+[ 57.370036] Hardware name: System manufacturer System Product Name/PRIME Z270-A, BIOS 1302 03/15/2018
+[ 57.370039] Call Trace:
+[ 57.370045] dump_stack+0x6d/0x89
+[ 57.370056] check_preemption_disabled+0xc8/0xd0
+[ 57.370068] __target_init_cmd+0x157/0x170 [target_core_mod]
+[ 57.370121] target_init_cmd+0x76/0x90 [target_core_mod]
+[ 57.370178] tcm_loop_queuecommand+0x109/0x210 [tcm_loop]
+[ 57.370197] scsi_queue_rq+0x38e/0xc40
+[ 57.370224] __blk_mq_try_issue_directly+0x109/0x1c0
+...
+
+[2]
+
+[ 117.458597] BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u16:8
+[ 117.467279] caller is __target_init_cmd+0x157/0x170 [target_core_mod]
+[ 117.473893] CPU: 1 PID: 418 Comm: kworker/u16:6 Not tainted 5.13.0-rc1+ #34
+[ 117.481150] Hardware name: System manufacturer System Product Name/PRIME Z270-A, BIOS 8
+[ 117.481153] Workqueue: scsi_tmf_7 scmd_eh_abort_handler
+[ 117.481156] Call Trace:
+[ 117.481158] dump_stack+0x6d/0x89
+[ 117.481162] check_preemption_disabled+0xc8/0xd0
+[ 117.512575] target_submit_tmr+0x41/0x150 [target_core_mod]
+[ 117.519705] tcm_loop_issue_tmr+0xa7/0x100 [tcm_loop]
+[ 117.524913] tcm_loop_abort_task+0x43/0x60 [tcm_loop]
+[ 117.530137] scmd_eh_abort_handler+0x7b/0x230
+[ 117.534681] process_one_work+0x268/0x580
+[ 117.538862] worker_thread+0x55/0x3b0
+[ 117.542652] ? process_one_work+0x580/0x580
+[ 117.548351] kthread+0x143/0x160
+[ 117.551675] ? kthread_create_worker_on_cpu+0x40/0x40
+[ 117.556873] ret_from_fork+0x1f/0x30
+
+The Linux kernel CVE team has assigned CVE-2021-47178 to this issue.
+
+
+Affected and fixed versions
+===========================
+
+ Issue introduced in 5.11 with commit 1526d9f10c61 and fixed in 5.12.9 with commit a20b6eaf4f35
+ Issue introduced in 5.11 with commit 1526d9f10c61 and fixed in 5.13 with commit 70ca3c57ff91
+
+Please see https://www.kernel.org for a full list of currently supported
+kernel versions by the kernel community.
+
+Unaffected versions might change over time as fixes are backported to
+older supported kernel versions. The official CVE entry at
+ https://cve.org/CVERecord/?id=CVE-2021-47178
+will be updated if fixes are backported, please check that for the most
+up to date information about this issue.
+
+
+Affected files
+==============
+
+The file(s) affected by this issue are:
+ drivers/target/target_core_transport.c
+
+
+Mitigation
+==========
+
+The Linux kernel CVE team recommends that you update to the latest
+stable kernel version for this, and many other bugfixes. Individual
+changes are never tested alone, but rather are part of a larger kernel
+release. Cherry-picking individual commits is not recommended or
+supported by the Linux kernel community at all. If however, updating to
+the latest release is impossible, the individual changes to resolve this
+issue can be found at these commits:
+ https://git.kernel.org/stable/c/a20b6eaf4f35046a429cde57bee7eb5f13d6857f
+ https://git.kernel.org/stable/c/70ca3c57ff914113f681e657634f7fbfa68e1ad1
diff --git a/cve/published/2021/CVE-2021-47178.sha1 b/cve/published/2021/CVE-2021-47178.sha1
new file mode 100644
index 00000000..4323c2d4
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47178.sha1
@@ -0,0 +1 @@
+70ca3c57ff914113f681e657634f7fbfa68e1ad1
diff --git a/cve/reserved/2021/CVE-2021-47179 b/cve/published/2021/CVE-2021-47179
index e69de29b..e69de29b 100644
--- a/cve/reserved/2021/CVE-2021-47179
+++ b/cve/published/2021/CVE-2021-47179
diff --git a/cve/published/2021/CVE-2021-47179.json b/cve/published/2021/CVE-2021-47179.json
new file mode 100644
index 00000000..9d0b7918
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47179.json
@@ -0,0 +1,138 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
+ },
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return()\n\nCommit de144ff4234f changes _pnfs_return_layout() to call\npnfs_mark_matching_lsegs_return() passing NULL as the struct\npnfs_layout_range argument. Unfortunately,\npnfs_mark_matching_lsegs_return() doesn't check if we have a value here\nbefore dereferencing it, causing an oops.\n\nI'm able to hit this crash consistently when running connectathon basic\ntests on NFS v4.1/v4.2 against Ontap."
+ }
+ ],
+ "affected": [
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "unaffected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "80e34f4957ec",
+ "lessThan": "4e1ba532dbc1",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "7b7b97746432",
+ "lessThan": "42637ca25c7d",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "9ffa7967f937",
+ "lessThan": "39785761fead",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "6be0e4b59314",
+ "lessThan": "aba3c7795f51",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "2fafe7d5047f",
+ "lessThan": "f9890652185b",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "7e65ea887d0c",
+ "lessThan": "b090d110e666",
+ "status": "affected",
+ "versionType": "git"
+ }
+ ]
+ },
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "unaffected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "4.9.269",
+ "lessThan": "4.9.271",
+ "status": "affected",
+ "versionType": "custom"
+ },
+ {
+ "version": "4.14.233",
+ "lessThan": "4.14.235",
+ "status": "affected",
+ "versionType": "custom"
+ },
+ {
+ "version": "4.19.191",
+ "lessThan": "4.19.193",
+ "status": "affected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.4.118",
+ "lessThan": "5.4.124",
+ "status": "affected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.10.36",
+ "lessThan": "5.10.42",
+ "status": "affected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.12.3",
+ "lessThan": "5.12.9",
+ "status": "affected",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/4e1ba532dbc1a0e19fc2458d74ab8d98680c4e42"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/42637ca25c7d7b5a92804a679af5192e8c1a9f48"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/39785761feadf261bc5101372b0b0bbaf6a94494"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/aba3c7795f51717ae316f3566442dee7cc3eeccb"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/f9890652185b72b8de9ebeb4406037640b6e1b53"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/b090d110e66636bca473fd8b98d5c97b555a965a"
+ }
+ ],
+ "title": "NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return()",
+ "x_generator": {
+ "engine": "bippy-b4257b672505"
+ }
+ }
+ },
+ "cveMetadata": {
+ "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
+ "cveID": "CVE-2021-47179",
+ "requesterUserId": "gregkh@kernel.org",
+ "serial": "1",
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
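Review bot: The `references` array lists six stable-branch commits, but none of them is `a421d218603ffa822a0b8045055c03eae394a7eb`, the hash this commit stores in CVE-2021-47179.sha1; in the CVE-2021-47177 and CVE-2021-47178 entries on this page the .sha1 value is also the last reference URL. If that hash is the mainline fix, it was presumably left out because no mainline release carried the bug, but a consumer matching by commit id then cannot tie a tree containing it to this CVE. Consider adding `{ "url": "https://git.kernel.org/stable/c/a421d218603ffa822a0b8045055c03eae394a7eb" }` to `references` and the same URL to the commit list in the .mbox Mitigation section, or recording why it is omitted. The description also names commit de144ff4234f as the change that introduced the bug, yet that id does not appear in any `affected` entry.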
diff --git a/cve/published/2021/CVE-2021-47179.mbox b/cve/published/2021/CVE-2021-47179.mbox
new file mode 100644
index 00000000..a1a32cf8
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47179.mbox
@@ -0,0 +1,79 @@
+From bippy-b4257b672505 Mon Sep 17 00:00:00 2001
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+To: <linux-cve-announce@vger.kernel.org>
+Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
+Subject: CVE-2021-47179: NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return()
+Message-Id: <2024032538-CVE-2021-47179-d9c2@gregkh>
+Content-Length: 2705
+Lines: 62
+X-Developer-Signature: v=1; a=openpgp-sha256; l=2768;
+ i=gregkh@linuxfoundation.org; h=from:subject:message-id;
+ bh=hjbfMFZcKX+ugIuNvzdpGQmgdPa2FsIDJKsmN7Dgfy4=;
+ b=owGbwMvMwCRo6H6F97bub03G02pJDGmMDt+evl2ylOdcICury4YtNWbCO1peKrAy+Ta/VS1I/
+ Sqt/rukI5aFQZCJQVZMkeXLNp6j+ysOKXoZ2p6GmcPKBDKEgYtTACaiVckwP69AKeqyw+vo8M/J
+ 15nNllz1fH5yAsM8A80vXV91J/QrqP2XbNIq50/W5QsFAA==
+X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp;
+ fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29
+
+Description
+===========
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return()
+
+Commit de144ff4234f changes _pnfs_return_layout() to call
+pnfs_mark_matching_lsegs_return() passing NULL as the struct
+pnfs_layout_range argument. Unfortunately,
+pnfs_mark_matching_lsegs_return() doesn't check if we have a value here
+before dereferencing it, causing an oops.
+
+I'm able to hit this crash consistently when running connectathon basic
+tests on NFS v4.1/v4.2 against Ontap.
+
+The Linux kernel CVE team has assigned CVE-2021-47179 to this issue.
+
+
+Affected and fixed versions
+===========================
+
+ Issue introduced in 4.9.269 with commit 80e34f4957ec and fixed in 4.9.271 with commit 4e1ba532dbc1
+ Issue introduced in 4.14.233 with commit 7b7b97746432 and fixed in 4.14.235 with commit 42637ca25c7d
+ Issue introduced in 4.19.191 with commit 9ffa7967f937 and fixed in 4.19.193 with commit 39785761fead
+ Issue introduced in 5.4.118 with commit 6be0e4b59314 and fixed in 5.4.124 with commit aba3c7795f51
+ Issue introduced in 5.10.36 with commit 2fafe7d5047f and fixed in 5.10.42 with commit f9890652185b
+ Issue introduced in 5.12.3 with commit 7e65ea887d0c and fixed in 5.12.9 with commit b090d110e666
+
+Please see https://www.kernel.org for a full list of currently supported
+kernel versions by the kernel community.
+
+Unaffected versions might change over time as fixes are backported to
+older supported kernel versions. The official CVE entry at
+ https://cve.org/CVERecord/?id=CVE-2021-47179
+will be updated if fixes are backported, please check that for the most
+up to date information about this issue.
+
+
+Affected files
+==============
+
+The file(s) affected by this issue are:
+ fs/nfs/pnfs.c
+
+
+Mitigation
+==========
+
+The Linux kernel CVE team recommends that you update to the latest
+stable kernel version for this, and many other bugfixes. Individual
+changes are never tested alone, but rather are part of a larger kernel
+release. Cherry-picking individual commits is not recommended or
+supported by the Linux kernel community at all. If however, updating to
+the latest release is impossible, the individual changes to resolve this
+issue can be found at these commits:
+ https://git.kernel.org/stable/c/4e1ba532dbc1a0e19fc2458d74ab8d98680c4e42
+ https://git.kernel.org/stable/c/42637ca25c7d7b5a92804a679af5192e8c1a9f48
+ https://git.kernel.org/stable/c/39785761feadf261bc5101372b0b0bbaf6a94494
+ https://git.kernel.org/stable/c/aba3c7795f51717ae316f3566442dee7cc3eeccb
+ https://git.kernel.org/stable/c/f9890652185b72b8de9ebeb4406037640b6e1b53
+ https://git.kernel.org/stable/c/b090d110e66636bca473fd8b98d5c97b555a965a
diff --git a/cve/published/2021/CVE-2021-47179.sha1 b/cve/published/2021/CVE-2021-47179.sha1
new file mode 100644
index 00000000..7e5dd407
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47179.sha1
@@ -0,0 +1 @@
+a421d218603ffa822a0b8045055c03eae394a7eb
diff --git a/cve/reserved/2021/CVE-2021-47180 b/cve/published/2021/CVE-2021-47180
index e69de29b..e69de29b 100644
--- a/cve/reserved/2021/CVE-2021-47180
+++ b/cve/published/2021/CVE-2021-47180
diff --git a/cve/published/2021/CVE-2021-47180.json b/cve/published/2021/CVE-2021-47180.json
new file mode 100644
index 00000000..a0e5cb35
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47180.json
@@ -0,0 +1,178 @@
+{
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
+ },
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFC: nci: fix memory leak in nci_allocate_device\n\nnfcmrvl_disconnect fails to free the hci_dev field in struct nci_dev.\nFix this by freeing hci_dev in nci_free_device.\n\nBUG: memory leak\nunreferenced object 0xffff888111ea6800 (size 1024):\n comm \"kworker/1:0\", pid 19, jiffies 4294942308 (age 13.580s)\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 60 fd 0c 81 88 ff ff .........`......\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace:\n [<000000004bc25d43>] kmalloc include/linux/slab.h:552 [inline]\n [<000000004bc25d43>] kzalloc include/linux/slab.h:682 [inline]\n [<000000004bc25d43>] nci_hci_allocate+0x21/0xd0 net/nfc/nci/hci.c:784\n [<00000000c59cff92>] nci_allocate_device net/nfc/nci/core.c:1170 [inline]\n [<00000000c59cff92>] nci_allocate_device+0x10b/0x160 net/nfc/nci/core.c:1132\n [<00000000006e0a8e>] nfcmrvl_nci_register_dev+0x10a/0x1c0 drivers/nfc/nfcmrvl/main.c:153\n [<000000004da1b57e>] nfcmrvl_probe+0x223/0x290 drivers/nfc/nfcmrvl/usb.c:345\n [<00000000d506aed9>] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396\n [<00000000bc632c92>] really_probe+0x159/0x4a0 drivers/base/dd.c:554\n [<00000000f5009125>] driver_probe_device+0x84/0x100 drivers/base/dd.c:740\n [<000000000ce658ca>] __device_attach_driver+0xee/0x110 drivers/base/dd.c:846\n [<000000007067d05f>] bus_for_each_drv+0xb7/0x100 drivers/base/bus.c:431\n [<00000000f8e13372>] __device_attach+0x122/0x250 drivers/base/dd.c:914\n [<000000009cf68860>] bus_probe_device+0xc6/0xe0 drivers/base/bus.c:491\n [<00000000359c965a>] device_add+0x5be/0xc30 drivers/base/core.c:3109\n [<00000000086e4bd3>] usb_set_configuration+0x9d9/0xb90 drivers/usb/core/message.c:2164\n [<00000000ca036872>] usb_generic_driver_probe+0x8c/0xc0 drivers/usb/core/generic.c:238\n [<00000000d40d36f6>] usb_probe_device+0x5c/0x140 drivers/usb/core/driver.c:293\n [<00000000bc632c92>] 
really_probe+0x159/0x4a0 drivers/base/dd.c:554"
+ }
+ ],
+ "affected": [
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "unaffected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "11f54f228643",
+ "lessThan": "448a1cb12977",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "11f54f228643",
+ "lessThan": "4a621621c7af",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "11f54f228643",
+ "lessThan": "2c2fb2df46ea",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "11f54f228643",
+ "lessThan": "0365701bc44e",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "11f54f228643",
+ "lessThan": "af2a4426baf7",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "11f54f228643",
+ "lessThan": "b34cb7ac32cc",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "11f54f228643",
+ "lessThan": "65234f50a90b",
+ "status": "affected",
+ "versionType": "git"
+ },
+ {
+ "version": "11f54f228643",
+ "lessThan": "e0652f8bb44d",
+ "status": "affected",
+ "versionType": "git"
+ }
+ ]
+ },
+ {
+ "product": "Linux",
+ "vendor": "Linux",
+ "defaultStatus": "affected",
+ "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
+ "versions": [
+ {
+ "version": "4.0",
+ "status": "affected"
+ },
+ {
+ "version": "0",
+ "lessThan": "4.0",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "4.4.271",
+ "lessThanOrEqual": "4.4.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "4.9.271",
+ "lessThanOrEqual": "4.9.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "4.14.235",
+ "lessThanOrEqual": "4.14.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "4.19.193",
+ "lessThanOrEqual": "4.19.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.4.123",
+ "lessThanOrEqual": "5.4.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.10.41",
+ "lessThanOrEqual": "5.10.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.12.8",
+ "lessThanOrEqual": "5.12.*",
+ "status": "unaffected",
+ "versionType": "custom"
+ },
+ {
+ "version": "5.13",
+ "lessThanOrEqual": "*",
+ "status": "unaffected",
+ "versionType": "original_commit_for_fix"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://git.kernel.org/stable/c/448a1cb12977f52142e6feb12022c59662d88dc1"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/4a621621c7af3cec21c47c349b30cd9c3cea11c8"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/2c2fb2df46ea866b49fea5ec7112ec3cd4896c74"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/0365701bc44e078682ee1224866a71897495c7ef"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/af2a4426baf71163c0c354580ae98c7888a9aba7"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/b34cb7ac32cc8e5471dc773180ea9ae676b1a745"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/65234f50a90b64b335cbb9164b8a98c2a0d031dd"
+ },
+ {
+ "url": "https://git.kernel.org/stable/c/e0652f8bb44d6294eeeac06d703185357f25d50b"
+ }
+ ],
+ "title": "NFC: nci: fix memory leak in nci_allocate_device",
+ "x_generator": {
+ "engine": "bippy-b4257b672505"
+ }
+ }
+ },
+ "cveMetadata": {
+ "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
+ "cveID": "CVE-2021-47180",
+ "requesterUserId": "gregkh@kernel.org",
+ "serial": "1",
+ "state": "PUBLISHED"
+ },
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.0"
+}
diff --git a/cve/published/2021/CVE-2021-47180.mbox b/cve/published/2021/CVE-2021-47180.mbox
new file mode 100644
index 00000000..00006229
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47180.mbox
@@ -0,0 +1,106 @@
+From bippy-b4257b672505 Mon Sep 17 00:00:00 2001
+From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+To: <linux-cve-announce@vger.kernel.org>
+Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
+Subject: CVE-2021-47180: NFC: nci: fix memory leak in nci_allocate_device
+Message-Id: <2024032539-CVE-2021-47180-5b80@gregkh>
+Content-Length: 4584
+Lines: 89
+X-Developer-Signature: v=1; a=openpgp-sha256; l=4674;
+ i=gregkh@linuxfoundation.org; h=from:subject:message-id;
+ bh=o4F+Zd2sM7VEuaWl9VnCHBUZx31xCK/Kh5NAbqfNM/s=;
+ b=owGbwMvMwCRo6H6F97bub03G02pJDGmMDt/z212ecnRbZgTav1VcITH9QrnIvHmvNass/n1ZI
+ /aVfWZJRywLgyATg6yYIsuXbTxH91ccUvQytD0NM4eVCWQIAxenAEzEPZZhwWxt3w/bzN1Fy6d5
+ sqeEdG9kXmIRxTA/7tebN9Z7lv9mF3ViCVn2ljltsrEOAA==
+X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp;
+ fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29
+
+Description
+===========
+
+In the Linux kernel, the following vulnerability has been resolved:
+
+NFC: nci: fix memory leak in nci_allocate_device
+
+nfcmrvl_disconnect fails to free the hci_dev field in struct nci_dev.
+Fix this by freeing hci_dev in nci_free_device.
+
+BUG: memory leak
+unreferenced object 0xffff888111ea6800 (size 1024):
+ comm "kworker/1:0", pid 19, jiffies 4294942308 (age 13.580s)
+ hex dump (first 32 bytes):
+ 00 00 00 00 00 00 00 00 00 60 fd 0c 81 88 ff ff .........`......
+ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
+ backtrace:
+ [<000000004bc25d43>] kmalloc include/linux/slab.h:552 [inline]
+ [<000000004bc25d43>] kzalloc include/linux/slab.h:682 [inline]
+ [<000000004bc25d43>] nci_hci_allocate+0x21/0xd0 net/nfc/nci/hci.c:784
+ [<00000000c59cff92>] nci_allocate_device net/nfc/nci/core.c:1170 [inline]
+ [<00000000c59cff92>] nci_allocate_device+0x10b/0x160 net/nfc/nci/core.c:1132
+ [<00000000006e0a8e>] nfcmrvl_nci_register_dev+0x10a/0x1c0 drivers/nfc/nfcmrvl/main.c:153
+ [<000000004da1b57e>] nfcmrvl_probe+0x223/0x290 drivers/nfc/nfcmrvl/usb.c:345
+ [<00000000d506aed9>] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396
+ [<00000000bc632c92>] really_probe+0x159/0x4a0 drivers/base/dd.c:554
+ [<00000000f5009125>] driver_probe_device+0x84/0x100 drivers/base/dd.c:740
+ [<000000000ce658ca>] __device_attach_driver+0xee/0x110 drivers/base/dd.c:846
+ [<000000007067d05f>] bus_for_each_drv+0xb7/0x100 drivers/base/bus.c:431
+ [<00000000f8e13372>] __device_attach+0x122/0x250 drivers/base/dd.c:914
+ [<000000009cf68860>] bus_probe_device+0xc6/0xe0 drivers/base/bus.c:491
+ [<00000000359c965a>] device_add+0x5be/0xc30 drivers/base/core.c:3109
+ [<00000000086e4bd3>] usb_set_configuration+0x9d9/0xb90 drivers/usb/core/message.c:2164
+ [<00000000ca036872>] usb_generic_driver_probe+0x8c/0xc0 drivers/usb/core/generic.c:238
+ [<00000000d40d36f6>] usb_probe_device+0x5c/0x140 drivers/usb/core/driver.c:293
+ [<00000000bc632c92>] really_probe+0x159/0x4a0 drivers/base/dd.c:554
+
+The Linux kernel CVE team has assigned CVE-2021-47180 to this issue.
+
+
+Affected and fixed versions
+===========================
+
+ Issue introduced in 4.0 with commit 11f54f228643 and fixed in 4.4.271 with commit 448a1cb12977
+ Issue introduced in 4.0 with commit 11f54f228643 and fixed in 4.9.271 with commit 4a621621c7af
+ Issue introduced in 4.0 with commit 11f54f228643 and fixed in 4.14.235 with commit 2c2fb2df46ea
+ Issue introduced in 4.0 with commit 11f54f228643 and fixed in 4.19.193 with commit 0365701bc44e
+ Issue introduced in 4.0 with commit 11f54f228643 and fixed in 5.4.123 with commit af2a4426baf7
+ Issue introduced in 4.0 with commit 11f54f228643 and fixed in 5.10.41 with commit b34cb7ac32cc
+ Issue introduced in 4.0 with commit 11f54f228643 and fixed in 5.12.8 with commit 65234f50a90b
+ Issue introduced in 4.0 with commit 11f54f228643 and fixed in 5.13 with commit e0652f8bb44d
+
+Please see https://www.kernel.org for a full list of currently supported
+kernel versions by the kernel community.
+
+Unaffected versions might change over time as fixes are backported to
+older supported kernel versions. The official CVE entry at
+ https://cve.org/CVERecord/?id=CVE-2021-47180
+will be updated if fixes are backported, please check that for the most
+up to date information about this issue.
+
+
+Affected files
+==============
+
+The file(s) affected by this issue are:
+ include/net/nfc/nci_core.h
+ net/nfc/nci/core.c
+ net/nfc/nci/hci.c
+
+
+Mitigation
+==========
+
+The Linux kernel CVE team recommends that you update to the latest
+stable kernel version for this, and many other bugfixes. Individual
+changes are never tested alone, but rather are part of a larger kernel
+release. Cherry-picking individual commits is not recommended or
+supported by the Linux kernel community at all. If however, updating to
+the latest release is impossible, the individual changes to resolve this
+issue can be found at these commits:
+ https://git.kernel.org/stable/c/448a1cb12977f52142e6feb12022c59662d88dc1
+ https://git.kernel.org/stable/c/4a621621c7af3cec21c47c349b30cd9c3cea11c8
+ https://git.kernel.org/stable/c/2c2fb2df46ea866b49fea5ec7112ec3cd4896c74
+ https://git.kernel.org/stable/c/0365701bc44e078682ee1224866a71897495c7ef
+ https://git.kernel.org/stable/c/af2a4426baf71163c0c354580ae98c7888a9aba7
+ https://git.kernel.org/stable/c/b34cb7ac32cc8e5471dc773180ea9ae676b1a745
+ https://git.kernel.org/stable/c/65234f50a90b64b335cbb9164b8a98c2a0d031dd
+ https://git.kernel.org/stable/c/e0652f8bb44d6294eeeac06d703185357f25d50b
diff --git a/cve/published/2021/CVE-2021-47180.sha1 b/cve/published/2021/CVE-2021-47180.sha1
new file mode 100644
index 00000000..dfd019f1
--- /dev/null
+++ b/cve/published/2021/CVE-2021-47180.sha1
@@ -0,0 +1 @@
+e0652f8bb44d6294eeeac06d703185357f25d50b