CVE-2021-47509
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
ALSA: pcm: oss: Limit the period size to 16MB
Set the practical limit to the period size (the fragment shift in OSS) instead of a full 31bit; a too large value could lead to the exhaust of memory as we allocate temporary buffers of the period size, too.
As of this patch, we set to 16MB limit, which should cover all use cases.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < d1bb703ad050de9095f10b2d3416c32921ac6bcc | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < b02a41eebcc36d4f07196780f2e165ca2c499257 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < be55f306396cd62c6889286a7194fd8b53363aeb | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 2e54cf6794bf82a54aaefc78da13819aea9cd28a | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 76f19e4cbb548e28547f8c328aa0bfb3a10222d3 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < ad45babf7886e7a212ee1d5eda9ef49f696db43c | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 35a3e511032146941085f87dd9fb5b82ea5c00a2 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 8839c8c0f77ab8fc0463f4ab8b37fca3f70677c2 | affected |
| Linux | Linux | 2.6.12 | affected |
| Linux | Linux | 0 < 2.6.12 | unaffected |
| Linux | Linux | 4.4.295 <= 4.4.* | unaffected |
| Linux | Linux | 4.9.293 <= 4.9.* | unaffected |
| Linux | Linux | 4.14.258 <= 4.14.* | unaffected |
| Linux | Linux | 4.19.221 <= 4.19.* | unaffected |
| Linux | Linux | 5.4.165 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.85 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.8 <= 5.15.* | unaffected |
| Linux | Linux | 5.16 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/d1bb703ad050de9095f10b2d3416c32921ac6bcc
- https://git.kernel.org/stable/c/b02a41eebcc36d4f07196780f2e165ca2c499257
- https://git.kernel.org/stable/c/be55f306396cd62c6889286a7194fd8b53363aeb
- https://git.kernel.org/stable/c/2e54cf6794bf82a54aaefc78da13819aea9cd28a
- https://git.kernel.org/stable/c/76f19e4cbb548e28547f8c328aa0bfb3a10222d3
- https://git.kernel.org/stable/c/ad45babf7886e7a212ee1d5eda9ef49f696db43c
- https://git.kernel.org/stable/c/35a3e511032146941085f87dd9fb5b82ea5c00a2
- https://git.kernel.org/stable/c/8839c8c0f77ab8fc0463f4ab8b37fca3f70677c2
References
- https://git.kernel.org/stable/c/d1bb703ad050de9095f10b2d3416c32921ac6bcc
- https://git.kernel.org/stable/c/b02a41eebcc36d4f07196780f2e165ca2c499257
- https://git.kernel.org/stable/c/be55f306396cd62c6889286a7194fd8b53363aeb
- https://git.kernel.org/stable/c/2e54cf6794bf82a54aaefc78da13819aea9cd28a
- https://git.kernel.org/stable/c/76f19e4cbb548e28547f8c328aa0bfb3a10222d3
- https://git.kernel.org/stable/c/ad45babf7886e7a212ee1d5eda9ef49f696db43c
- https://git.kernel.org/stable/c/35a3e511032146941085f87dd9fb5b82ea5c00a2
- https://git.kernel.org/stable/c/8839c8c0f77ab8fc0463f4ab8b37fca3f70677c2
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.