diff options
Diffstat (limited to 'cve/published/2021/CVE-2021-47170.mbox')
-rw-r--r-- | cve/published/2021/CVE-2021-47170.mbox | 80 |
1 files changed, 80 insertions, 0 deletions
diff --git a/cve/published/2021/CVE-2021-47170.mbox b/cve/published/2021/CVE-2021-47170.mbox new file mode 100644 index 00000000..69f5edb6 --- /dev/null +++ b/cve/published/2021/CVE-2021-47170.mbox @@ -0,0 +1,80 @@ +From bippy-b4257b672505 Mon Sep 17 00:00:00 2001 +From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +To: <linux-cve-announce@vger.kernel.org> +Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org> +Subject: CVE-2021-47170: USB: usbfs: Don't WARN about excessively large memory allocations +Message-Id: <2024032536-CVE-2021-47170-ee51@gregkh> +Content-Length: 2394 +Lines: 63 +X-Developer-Signature: v=1; a=openpgp-sha256; l=2458; + i=gregkh@linuxfoundation.org; h=from:subject:message-id; + bh=ovcj9kTkuzCNxKAYhx2XKQmtnuu2j8KV/0bYYcjiKho=; + b=owGbwMvMwCRo6H6F97bub03G02pJDGmMDl/Kr9lFMKRevL5DeEN8e9eVnvcvZvutvOrJGbV/y + 9KSYxJZHbEsDIJMDLJiiixftvEc3V9xSNHL0PY0zBxWJpAhDFycAjCR6d4MC5a+fRboKzN57a2C + R7Oa0vbbbxINm8gwv/qQRL3opIQjeumCea95hG/98+J/CQA= +X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp; + fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29 + +Description +=========== + +In the Linux kernel, the following vulnerability has been resolved: + +USB: usbfs: Don't WARN about excessively large memory allocations + +Syzbot found that the kernel generates a WARNing if the user tries to +submit a bulk transfer through usbfs with a buffer that is way too +large. This isn't a bug in the kernel; it's merely an invalid request +from the user and the usbfs code does handle it correctly. + +In theory the same thing can happen with async transfers, or with the +packet descriptor table for isochronous transfers. + +To prevent the MM subsystem from complaining about these bad +allocation requests, add the __GFP_NOWARN flag to the kmalloc calls +for these buffers. + +The Linux kernel CVE team has assigned CVE-2021-47170 to this issue. + + +Affected and fixed versions +=========================== + + Fixed in 4.19.193 with commit 2ab21d6e1411 + Fixed in 5.4.124 with commit 2c835fede13e + Fixed in 5.10.42 with commit 8d83f109e920 + Fixed in 5.12.9 with commit 9f7cb3f01a10 + Fixed in 5.13 with commit 4f2629ea67e7 + +Please see https://www.kernel.org for a full list of currently supported +kernel versions by the kernel community. + +Unaffected versions might change over time as fixes are backported to +older supported kernel versions. The official CVE entry at + https://cve.org/CVERecord/?id=CVE-2021-47170 +will be updated if fixes are backported, please check that for the most +up to date information about this issue. + + +Affected files +============== + +The file(s) affected by this issue are: + drivers/usb/core/devio.c + + +Mitigation +========== + +The Linux kernel CVE team recommends that you update to the latest +stable kernel version for this, and many other bugfixes. Individual +changes are never tested alone, but rather are part of a larger kernel +release. Cherry-picking individual commits is not recommended or +supported by the Linux kernel community at all. If however, updating to +the latest release is impossible, the individual changes to resolve this +issue can be found at these commits: + https://git.kernel.org/stable/c/2ab21d6e1411999b5fb43434f421f00bf50002eb + https://git.kernel.org/stable/c/2c835fede13e03f2743a333e4370b5ed2db91e83 + https://git.kernel.org/stable/c/8d83f109e920d2776991fa142bb904d985dca2ed + https://git.kernel.org/stable/c/9f7cb3f01a10d9064cf13b3d26fb7e7a5827d098 + https://git.kernel.org/stable/c/4f2629ea67e7225c3fd292c7fe4f5b3c9d6392de |