CVE-2021-47642
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow
Coverity complains of a possible buffer overflow. However, given the 'static' scope of nvidia_setup_i2c_bus() it looks like that can't happen after examiniing the call sites.
CID 19036 (#1 of 1): Copy into fixed size buffer (STRING_OVERFLOW)
- fixed_size_dest: You might overrun the 48-character fixed-size string chan->adapter.name by copying name without checking the length.
- parameter_as_source: Note: This defect has an elevated risk because the source argument is a parameter of the current function. 89 strcpy(chan->adapter.name, name);
Fix this warning by using strscpy() which will silence the warning and prevent any future buffer overflows should the names used to identify the channel become much longer.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 47e5533adf118afaf06d25a3e2aaaab89371b1c5 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 580e5d3815474b8349250c25c16416585a72c7fe | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 72dd5c46a152136712a55bf026a9aa8c1b12b60d | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 055cdd2e7b992921424d4daaa285ced787fb205f | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 08dff482012758935c185532b1ad7d584785a86e | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 9ff2f7294ab0f011cd4d1b7dcd9a07d8fdf72834 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 6a5226e544ac043bb2d8dc1bfe8920d02282f7cd | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 41baa86b6c802cdc6ab8ff2d46c083c9be93de81 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 37a1a2e6eeeb101285cd34e12e48a881524701aa | affected |
| Linux | Linux | 2.6.12 | affected |
| Linux | Linux | 0 < 2.6.12 | unaffected |
| Linux | Linux | 4.9.311 <= 4.9.* | unaffected |
| Linux | Linux | 4.14.276 <= 4.14.* | unaffected |
| Linux | Linux | 4.19.238 <= 4.19.* | unaffected |
| Linux | Linux | 5.4.189 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.110 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.33 <= 5.15.* | unaffected |
| Linux | Linux | 5.16.19 <= 5.16.* | unaffected |
| Linux | Linux | 5.17.2 <= 5.17.* | unaffected |
| Linux | Linux | 5.18 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/47e5533adf118afaf06d25a3e2aaaab89371b1c5
- https://git.kernel.org/stable/c/580e5d3815474b8349250c25c16416585a72c7fe
- https://git.kernel.org/stable/c/72dd5c46a152136712a55bf026a9aa8c1b12b60d
- https://git.kernel.org/stable/c/055cdd2e7b992921424d4daaa285ced787fb205f
- https://git.kernel.org/stable/c/08dff482012758935c185532b1ad7d584785a86e
- https://git.kernel.org/stable/c/9ff2f7294ab0f011cd4d1b7dcd9a07d8fdf72834
- https://git.kernel.org/stable/c/6a5226e544ac043bb2d8dc1bfe8920d02282f7cd
- https://git.kernel.org/stable/c/41baa86b6c802cdc6ab8ff2d46c083c9be93de81
- https://git.kernel.org/stable/c/37a1a2e6eeeb101285cd34e12e48a881524701aa
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.