| From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001 |
| From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| To: <linux-cve-announce@vger.kernel.org> |
| Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org> |
| Subject: CVE-2021-47548: ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() |
| |
| Description |
| =========== |
| |
| In the Linux kernel, the following vulnerability has been resolved: |
| |
| ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() |
| |
| The if statement: |
| if (port >= DSAF_GE_NUM) |
| return; |
| |
| limits the value of port less than DSAF_GE_NUM (i.e., 8). |
| However, if the value of port is 6 or 7, an array overflow could occur: |
| port_rst_off = dsaf_dev->mac_cb[port]->port_rst_off; |
| |
| because the length of dsaf_dev->mac_cb is DSAF_MAX_PORT_NUM (i.e., 6). |
| |
| To fix this possible array overflow, we first check port and if it is |
| greater than or equal to DSAF_MAX_PORT_NUM, the function returns. |
| |
| The Linux kernel CVE team has assigned CVE-2021-47548 to this issue. |
| |
| |
| Affected and fixed versions |
| =========================== |
| |
| Fixed in 4.9.292 with commit 948968f8747650447c8f21c9fdba0e1973be040b |
| Fixed in 4.14.257 with commit abbd5faa0748d0aa95d5191d56ff7a17a6275bd1 |
| Fixed in 4.19.220 with commit dd07f8971b81ad98cc754b179b331b57f35aa1ff |
| Fixed in 5.4.164 with commit 99bb25cb6753beaf2c2bc37927c2ecc0ceff3f6d |
| Fixed in 5.10.84 with commit 22519eff7df2d88adcc2568d86046ce1e2b52803 |
| Fixed in 5.15.7 with commit fc7ffa7f10b9454a86369405d9814bf141b30627 |
| Fixed in 5.16 with commit a66998e0fbf213d47d02813b9679426129d0d114 |
| |
| Please see https://www.kernel.org for a full list of currently supported |
| kernel versions by the kernel community. |
| |
| Unaffected versions might change over time as fixes are backported to |
| older supported kernel versions. The official CVE entry at |
| https://cve.org/CVERecord/?id=CVE-2021-47548 |
| will be updated if fixes are backported, please check that for the most |
| up to date information about this issue. |
| |
| |
| Affected files |
| ============== |
| |
| The file(s) affected by this issue are: |
| drivers/net/ethernet/hisilicon/hns/hns_dsaf_misc.c |
| |
| |
| Mitigation |
| ========== |
| |
| The Linux kernel CVE team recommends that you update to the latest |
| stable kernel version for this, and many other bugfixes. Individual |
| changes are never tested alone, but rather are part of a larger kernel |
| release. Cherry-picking individual commits is not recommended or |
| supported by the Linux kernel community at all. If however, updating to |
| the latest release is impossible, the individual changes to resolve this |
| issue can be found at these commits: |
| https://git.kernel.org/stable/c/948968f8747650447c8f21c9fdba0e1973be040b |
| https://git.kernel.org/stable/c/abbd5faa0748d0aa95d5191d56ff7a17a6275bd1 |
| https://git.kernel.org/stable/c/dd07f8971b81ad98cc754b179b331b57f35aa1ff |
| https://git.kernel.org/stable/c/99bb25cb6753beaf2c2bc37927c2ecc0ceff3f6d |
| https://git.kernel.org/stable/c/22519eff7df2d88adcc2568d86046ce1e2b52803 |
| https://git.kernel.org/stable/c/fc7ffa7f10b9454a86369405d9814bf141b30627 |
| https://git.kernel.org/stable/c/a66998e0fbf213d47d02813b9679426129d0d114 |
