PT-2021-8224 · Linux+5 · Linux Kernel+5
Syzkaller · Published: 2021-11-18 · Updated: 2024-12-02
CVE-2021-47580
CVSS v3.1: 6.6 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 5.15.0-syzk #1
Description
The vulnerability is related to a stack out-of-bounds error in the `scsi_debug` component of the Linux kernel. The issue arises from the use of the `min_t` function with a type of `int` instead of `u32`, causing the values to get sign extended and the larger value to be used, resulting in a stack out-of-bounds condition. This can lead to a denial-of-service (DoS) condition. The vulnerability is triggered by a read of size 127 at a specific memory address.

Technical details about exploitation include:
- Function Names: The vulnerable functions include `sg_copy_buffer()`, `fill_from_dev_buffer()`, `resp_readcap16()`, `schedule_resp()`, and `scsi_debug_queuecommand()`.
- API Endpoints: The vulnerability is related to the `sg_ioctl()` function, which is used to perform various SCSI-related operations.
- Vulnerable Parameters or Variables: The `min_t` function is used with a type of `int` instead of `u32`, causing the stack out-of-bounds condition.
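The signed/unsigned clamp problem described above, as an added example that is not code from the kernel or from this advisory. `MIN_T` is a simplified stand-in for the kernel's `min_t`, and `ARR_SZ`, the function names and the sample lengths are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-in for the kernel's min_t(): cast both operands to
 * `type`, then compare. Not the kernel's actual macro. */
#define MIN_T(type, x, y) ((type)(x) < (type)(y) ? (type)(x) : (type)(y))

#define ARR_SZ 32u /* assumed size of the on-stack response buffer */

/* Buggy pattern: clamp with type int. A u32 length >= 0x80000000 turns
 * negative when cast to int (wraps on GCC/Clang), compares as the smaller
 * operand and is returned unclamped. */
static uint32_t clamp_len_int(uint32_t alloc_len)
{
    int n = MIN_T(int, alloc_len, ARR_SZ);
    return (uint32_t)n; /* as a copy routine with an unsigned length sees it */
}

/* Fixed pattern: clamp with type u32; the result never exceeds ARR_SZ. */
static uint32_t clamp_len_u32(uint32_t alloc_len)
{
    return MIN_T(uint32_t, alloc_len, ARR_SZ);
}

int main(void)
{
    /* Constructed sample lengths standing in for a caller-supplied field. */
    const uint32_t samples[] = { 16u, 32u, 4096u, 0x80000000u, 0xffffffffu };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint32_t bad = clamp_len_int(samples[i]);
        uint32_t good = clamp_len_u32(samples[i]);
        printf("alloc_len=0x%08x  min_t(int)=0x%08x %s  min_t(u32)=0x%08x\n",
               (unsigned)samples[i], (unsigned)bad,
               bad > ARR_SZ ? "(exceeds buffer)" : "(ok)", (unsigned)good);
    }
    return 0;
}
```

Ordinary lengths are clamped correctly by both variants; only lengths with the top bit set slip past the `int` clamp, which is why this class of bug tends to surface under fuzzing rather than in normal use.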
Recommendations
To resolve the issue, update the Linux kernel to a version that includes the fix for the `scsi_debug` component, which changes the `min_t` function to use the `u32` type instead of `int`. Specifically, for Linux kernel versions prior to 5.15.0-syzk #1, update to a newer version that includes this fix.
DoS
Out of bounds Read
Memory Corruption
Affected Products
Astra Linux
CentOS
Linux Kernel
Red Hat
RED OS
SUSE