CVE-2021-47288

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is an out-of-bounds bug in the ngene command config free buf() function. The problem arises because the original code attempts to copy 6 bytes of data into a one-byte size member config of the wrong structure FW CONFIGURE BUFFERS in a single call to memcpy(). This causes a legitimate compiler warning because memcpy() overruns the length of &com.cmd.ConfigureBuffers.config. The correct structure should be FW CONFIGURE FREE BUFFERS instead, as it contains 6 more members apart from the header hdr. The fix involves enclosing those 6 members of struct FW CONFIGURE FREE BUFFERS into a new struct config and using &com.cmd.ConfigureFreeBuffers.config as the destination address when calling memcpy(). This change also aids in the ongoing efforts to globally enable -Warray-bounds and tighten the FORTIFY SOURCE routines on memcpy().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.