CVE-2021-47039

Summary

In the Linux kernel, the following vulnerability has been resolved:

ataflop: potential out of bounds in do_format()

The function uses "type" as an array index:

q = unit[drive].disk[type]->queue;

Unfortunately the bounds check on "type" isn't done until later in the function. Fix this by moving the bounds check to the start.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxbf9c0538e485b591a2ee02d9adb8a99db4be5a2a < 07f86aa8f4fe077be1b018cc177eb8c6573e5671affected
LinuxLinuxbf9c0538e485b591a2ee02d9adb8a99db4be5a2a < 2a3a8bbca28b899806844c00d49ed1b7ccb50957affected
LinuxLinuxbf9c0538e485b591a2ee02d9adb8a99db4be5a2a < 1ffec389a6431782a8a28805830b6fae9bf00af1affected
LinuxLinux5.11affected
LinuxLinux0 < 5.11unaffected
LinuxLinux5.11.21 <= 5.11.*unaffected
LinuxLinux5.12.4 <= 5.12.*unaffected
LinuxLinux5.13 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References