fkie_cve-2021-47477
Vulnerability from fkie_nvd
Published
2024-05-22 09:15
Modified
2024-11-21 06:36
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
In the Linux kernel, the following vulnerability has been resolved: comedi: dt9812: fix DMA buffers on stack USB transfer buffers are typically mapped for DMA and must not be allocated on the stack or transfers will fail. Allocate proper transfer buffers in the various command helpers and return an error on short transfers instead of acting on random stack data. Note that this also fixes a stack info leak on systems where DMA is not used as 32 bytes are always sent to the device regardless of how short the command is.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/20cebb8b620dc987e55ddc46801de986e081757e
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/365a346cda82f51d835c49136a00a9df8a78c7f2
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/39ea61037ae78f14fa121228dd962ea3280eacf3
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/3ac273d154d634e2034508a14db82a95d7ad12ed
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/3efb7af8ac437085b6c776e5b54830b149d86efe
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/536de747bc48262225889a533db6650731ab25d3
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/786f5b03450454557ff858a8bead5d7c0cbf78d6
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/8a52bc480992c7c9da3ebfea456af731f50a4b97
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/a6af69768d5cb4b2528946d53be5fa19ade37723
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/20cebb8b620dc987e55ddc46801de986e081757e
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/365a346cda82f51d835c49136a00a9df8a78c7f2
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/39ea61037ae78f14fa121228dd962ea3280eacf3
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/3ac273d154d634e2034508a14db82a95d7ad12ed
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/3efb7af8ac437085b6c776e5b54830b149d86efe
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/536de747bc48262225889a533db6650731ab25d3
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/786f5b03450454557ff858a8bead5d7c0cbf78d6
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/8a52bc480992c7c9da3ebfea456af731f50a4b97
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/a6af69768d5cb4b2528946d53be5fa19ade37723
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: dt9812: fix DMA buffers on stack\n\nUSB transfer buffers are typically mapped for DMA and must not be\nallocated on the stack or transfers will fail.\n\nAllocate proper transfer buffers in the various command helpers and\nreturn an error on short transfers instead of acting on random stack\ndata.\n\nNote that this also fixes a stack info leak on systems where DMA is not\nused as 32 bytes are always sent to the device regardless of how short\nthe command is."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: comedi: dt9812: corrige los b\u00faferes DMA en la pila Los b\u00faferes de transferencia USB generalmente est\u00e1n asignados para DMA y no deben asignarse en la pila o las transferencias fallar\u00e1n. Asigne b\u00faferes de transferencia adecuados en los distintos asistentes de comando y devuelva un error en transferencias cortas en lugar de actuar sobre datos de pila aleatorios. Tenga en cuenta que esto tambi\u00e9n soluciona una fuga de informaci\u00f3n de la pila en sistemas donde no se usa DMA, ya que siempre se env\u00edan 32 bytes al dispositivo, independientemente de cu\u00e1n corto sea el comando."
    }
  ],
  "id": "CVE-2021-47477",
  "lastModified": "2024-11-21T06:36:15.730",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-05-22T09:15:09.677",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/20cebb8b620dc987e55ddc46801de986e081757e"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/365a346cda82f51d835c49136a00a9df8a78c7f2"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/39ea61037ae78f14fa121228dd962ea3280eacf3"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/3ac273d154d634e2034508a14db82a95d7ad12ed"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/3efb7af8ac437085b6c776e5b54830b149d86efe"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/536de747bc48262225889a533db6650731ab25d3"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/786f5b03450454557ff858a8bead5d7c0cbf78d6"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/8a52bc480992c7c9da3ebfea456af731f50a4b97"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/a6af69768d5cb4b2528946d53be5fa19ade37723"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.kernel.org/stable/c/20cebb8b620dc987e55ddc46801de986e081757e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.kernel.org/stable/c/365a346cda82f51d835c49136a00a9df8a78c7f2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.kernel.org/stable/c/39ea61037ae78f14fa121228dd962ea3280eacf3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.kernel.org/stable/c/3ac273d154d634e2034508a14db82a95d7ad12ed"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.kernel.org/stable/c/3efb7af8ac437085b6c776e5b54830b149d86efe"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.kernel.org/stable/c/536de747bc48262225889a533db6650731ab25d3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.kernel.org/stable/c/786f5b03450454557ff858a8bead5d7c0cbf78d6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.kernel.org/stable/c/8a52bc480992c7c9da3ebfea456af731f50a4b97"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.kernel.org/stable/c/a6af69768d5cb4b2528946d53be5fa19ade37723"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.