cve/published/2021/CVE-2021-47477.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2021-47477: comedi: dt9812: fix DMA buffers on stack

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 comedi: dt9812: fix DMA buffers on stack

 USB transfer buffers are typically mapped for DMA and must not be
 allocated on the stack or transfers will fail.

 Allocate proper transfer buffers in the various command helpers and
 return an error on short transfers instead of acting on random stack
 data.

 Note that this also fixes a stack info leak on systems where DMA is not
 used as 32 bytes are always sent to the device regardless of how short
 the command is.

 The Linux kernel CVE team has assigned CVE-2021-47477 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 2.6.29 with commit 63274cd7d38a3322d90b66a5bc976de1fb899051 and fixed in 4.4.292 with commit a6af69768d5cb4b2528946d53be5fa19ade37723
 	Issue introduced in 2.6.29 with commit 63274cd7d38a3322d90b66a5bc976de1fb899051 and fixed in 4.9.290 with commit 365a346cda82f51d835c49136a00a9df8a78c7f2
 	Issue introduced in 2.6.29 with commit 63274cd7d38a3322d90b66a5bc976de1fb899051 and fixed in 4.14.255 with commit 8a52bc480992c7c9da3ebfea456af731f50a4b97
 	Issue introduced in 2.6.29 with commit 63274cd7d38a3322d90b66a5bc976de1fb899051 and fixed in 4.19.217 with commit 39ea61037ae78f14fa121228dd962ea3280eacf3
 	Issue introduced in 2.6.29 with commit 63274cd7d38a3322d90b66a5bc976de1fb899051 and fixed in 5.4.159 with commit 3efb7af8ac437085b6c776e5b54830b149d86efe
 	Issue introduced in 2.6.29 with commit 63274cd7d38a3322d90b66a5bc976de1fb899051 and fixed in 5.10.79 with commit 786f5b03450454557ff858a8bead5d7c0cbf78d6
 	Issue introduced in 2.6.29 with commit 63274cd7d38a3322d90b66a5bc976de1fb899051 and fixed in 5.14.18 with commit 3ac273d154d634e2034508a14db82a95d7ad12ed
 	Issue introduced in 2.6.29 with commit 63274cd7d38a3322d90b66a5bc976de1fb899051 and fixed in 5.15.2 with commit 20cebb8b620dc987e55ddc46801de986e081757e
 	Issue introduced in 2.6.29 with commit 63274cd7d38a3322d90b66a5bc976de1fb899051 and fixed in 5.16 with commit 536de747bc48262225889a533db6650731ab25d3

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2021-47477
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/comedi/drivers/dt9812.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/a6af69768d5cb4b2528946d53be5fa19ade37723
 	https://git.kernel.org/stable/c/365a346cda82f51d835c49136a00a9df8a78c7f2
 	https://git.kernel.org/stable/c/8a52bc480992c7c9da3ebfea456af731f50a4b97
 	https://git.kernel.org/stable/c/39ea61037ae78f14fa121228dd962ea3280eacf3
 	https://git.kernel.org/stable/c/3efb7af8ac437085b6c776e5b54830b149d86efe
 	https://git.kernel.org/stable/c/786f5b03450454557ff858a8bead5d7c0cbf78d6
 	https://git.kernel.org/stable/c/3ac273d154d634e2034508a14db82a95d7ad12ed
 	https://git.kernel.org/stable/c/20cebb8b620dc987e55ddc46801de986e081757e
 	https://git.kernel.org/stable/c/536de747bc48262225889a533db6650731ab25d3
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2021-47477: comedi: dt9812: fix DMA buffers on stack

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	comedi: dt9812: fix DMA buffers on stack

	USB transfer buffers are typically mapped for DMA and must not be
	allocated on the stack or transfers will fail.

	Allocate proper transfer buffers in the various command helpers and
	return an error on short transfers instead of acting on random stack
	data.

	Note that this also fixes a stack info leak on systems where DMA is not
	used as 32 bytes are always sent to the device regardless of how short
	the command is.

	The Linux kernel CVE team has assigned CVE-2021-47477 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 2.6.29 with commit 63274cd7d38a3322d90b66a5bc976de1fb899051 and fixed in 4.4.292 with commit a6af69768d5cb4b2528946d53be5fa19ade37723
	Issue introduced in 2.6.29 with commit 63274cd7d38a3322d90b66a5bc976de1fb899051 and fixed in 4.9.290 with commit 365a346cda82f51d835c49136a00a9df8a78c7f2
	Issue introduced in 2.6.29 with commit 63274cd7d38a3322d90b66a5bc976de1fb899051 and fixed in 4.14.255 with commit 8a52bc480992c7c9da3ebfea456af731f50a4b97
	Issue introduced in 2.6.29 with commit 63274cd7d38a3322d90b66a5bc976de1fb899051 and fixed in 4.19.217 with commit 39ea61037ae78f14fa121228dd962ea3280eacf3
	Issue introduced in 2.6.29 with commit 63274cd7d38a3322d90b66a5bc976de1fb899051 and fixed in 5.4.159 with commit 3efb7af8ac437085b6c776e5b54830b149d86efe
	Issue introduced in 2.6.29 with commit 63274cd7d38a3322d90b66a5bc976de1fb899051 and fixed in 5.10.79 with commit 786f5b03450454557ff858a8bead5d7c0cbf78d6
	Issue introduced in 2.6.29 with commit 63274cd7d38a3322d90b66a5bc976de1fb899051 and fixed in 5.14.18 with commit 3ac273d154d634e2034508a14db82a95d7ad12ed
	Issue introduced in 2.6.29 with commit 63274cd7d38a3322d90b66a5bc976de1fb899051 and fixed in 5.15.2 with commit 20cebb8b620dc987e55ddc46801de986e081757e
	Issue introduced in 2.6.29 with commit 63274cd7d38a3322d90b66a5bc976de1fb899051 and fixed in 5.16 with commit 536de747bc48262225889a533db6650731ab25d3

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2021-47477
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/comedi/drivers/dt9812.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/a6af69768d5cb4b2528946d53be5fa19ade37723
	https://git.kernel.org/stable/c/365a346cda82f51d835c49136a00a9df8a78c7f2
	https://git.kernel.org/stable/c/8a52bc480992c7c9da3ebfea456af731f50a4b97
	https://git.kernel.org/stable/c/39ea61037ae78f14fa121228dd962ea3280eacf3
	https://git.kernel.org/stable/c/3efb7af8ac437085b6c776e5b54830b149d86efe
	https://git.kernel.org/stable/c/786f5b03450454557ff858a8bead5d7c0cbf78d6
	https://git.kernel.org/stable/c/3ac273d154d634e2034508a14db82a95d7ad12ed
	https://git.kernel.org/stable/c/20cebb8b620dc987e55ddc46801de986e081757e
	https://git.kernel.org/stable/c/536de747bc48262225889a533db6650731ab25d3