CVE-2021-47485

Summary

In the Linux kernel, the following vulnerability has been resolved:

IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields

Overflowing either addrlimit or bytes_togo can allow userspace to trigger a buffer overflow of kernel memory. Check for overflows in all the places doing math on user controlled buffers.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxf931551bafe1f10ded7f5282e2aa162c267a2e5d < bda41654b6e0c125a624ca35d6d20beb8015b5d0affected
LinuxLinuxf931551bafe1f10ded7f5282e2aa162c267a2e5d < 3f57c3f67fd93b4da86aeffea1ca32c484d054adaffected
LinuxLinuxf931551bafe1f10ded7f5282e2aa162c267a2e5d < 60833707b968d5ae02a75edb7886dcd4a957cf0daffected
LinuxLinuxf931551bafe1f10ded7f5282e2aa162c267a2e5d < 73d2892148aa4397a885b4f4afcfc5b27a325c42affected
LinuxLinuxf931551bafe1f10ded7f5282e2aa162c267a2e5d < 0f8cdfff06829a0b0348b6debc29ff6a61967724affected
LinuxLinuxf931551bafe1f10ded7f5282e2aa162c267a2e5d < c3e17e58f571f34c51aeb17274ed02c2ed5cf780affected
LinuxLinuxf931551bafe1f10ded7f5282e2aa162c267a2e5d < 0d4395477741608d123dad51def9fe50b7ebe952affected
LinuxLinuxf931551bafe1f10ded7f5282e2aa162c267a2e5d < d39bf40e55e666b5905fdbd46a0dced030ce87beaffected
LinuxLinux2.6.35affected
LinuxLinux0 < 2.6.35unaffected
LinuxLinux4.4.292 <= 4.4.*unaffected
LinuxLinux4.9.290 <= 4.9.*unaffected
LinuxLinux4.14.255 <= 4.14.*unaffected
LinuxLinux4.19.216 <= 4.19.*unaffected
LinuxLinux5.4.157 <= 5.4.*unaffected
LinuxLinux5.10.77 <= 5.10.*unaffected
LinuxLinux5.14.16 <= 5.14.*unaffected
LinuxLinux5.15 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References