CVE-2021-47511

Summary

In the Linux kernel, the following vulnerability has been resolved:

ALSA: pcm: oss: Fix negative period/buffer sizes

The period size calculation in OSS layer may receive a negative value as an error, but the code there assumes only the positive values and handle them with size_t. Due to that, a too big value may be passed to the lower layers.

This patch changes the code to handle with ssize_t and adds the proper error checks appropriately.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < be8869d388593e57223ad39297c8e54be632f2f2affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 502e1146873d870f87da3b8f93d6bf2de5f38d0caffected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 8af815ab052eaf74addbbfb556d63ce2137c0e1baffected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < f96c0959c1ee92adc911c10d6ec209af50105049affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < f12c8a7515f641885677960af450082569a87243affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 02b2b691b77cd7b951fa7b6c9d44d4e472cdc823affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 00a860678098fcd9fa8db2b5fb9d2ddf4776d4ccaffected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 9d2479c960875ca1239bcb899f386970c13d9cfeaffected
LinuxLinux2.6.12affected
LinuxLinux0 < 2.6.12unaffected
LinuxLinux4.4.295 <= 4.4.*unaffected
LinuxLinux4.9.293 <= 4.9.*unaffected
LinuxLinux4.14.258 <= 4.14.*unaffected
LinuxLinux4.19.221 <= 4.19.*unaffected
LinuxLinux5.4.165 <= 5.4.*unaffected
LinuxLinux5.10.85 <= 5.10.*unaffected
LinuxLinux5.15.8 <= 5.15.*unaffected
LinuxLinux5.16 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References