cve/published/2021/CVE-2021-47642.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2021-47642: video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow

 Coverity complains of a possible buffer overflow. However,
 given the 'static' scope of nvidia_setup_i2c_bus() it looks
 like that can't happen after examiniing the call sites.

 CID 19036 (#1 of 1): Copy into fixed size buffer (STRING_OVERFLOW)
 1. fixed_size_dest: You might overrun the 48-character fixed-size string
   chan->adapter.name by copying name without checking the length.
 2. parameter_as_source: Note: This defect has an elevated risk because the
   source argument is a parameter of the current function.
  89        strcpy(chan->adapter.name, name);

 Fix this warning by using strscpy() which will silence the warning and
 prevent any future buffer overflows should the names used to identify the
 channel become much longer.

 The Linux kernel CVE team has assigned CVE-2021-47642 to this issue.


 Affected and fixed versions
 ===========================

 	Fixed in 4.9.311 with commit 47e5533adf118afaf06d25a3e2aaaab89371b1c5
 	Fixed in 4.14.276 with commit 580e5d3815474b8349250c25c16416585a72c7fe
 	Fixed in 4.19.238 with commit 72dd5c46a152136712a55bf026a9aa8c1b12b60d
 	Fixed in 5.4.189 with commit 055cdd2e7b992921424d4daaa285ced787fb205f
 	Fixed in 5.10.110 with commit 08dff482012758935c185532b1ad7d584785a86e
 	Fixed in 5.15.33 with commit 9ff2f7294ab0f011cd4d1b7dcd9a07d8fdf72834
 	Fixed in 5.16.19 with commit 6a5226e544ac043bb2d8dc1bfe8920d02282f7cd
 	Fixed in 5.17.2 with commit 41baa86b6c802cdc6ab8ff2d46c083c9be93de81
 	Fixed in 5.18 with commit 37a1a2e6eeeb101285cd34e12e48a881524701aa

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2021-47642
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/video/fbdev/nvidia/nv_i2c.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/47e5533adf118afaf06d25a3e2aaaab89371b1c5
 	https://git.kernel.org/stable/c/580e5d3815474b8349250c25c16416585a72c7fe
 	https://git.kernel.org/stable/c/72dd5c46a152136712a55bf026a9aa8c1b12b60d
 	https://git.kernel.org/stable/c/055cdd2e7b992921424d4daaa285ced787fb205f
 	https://git.kernel.org/stable/c/08dff482012758935c185532b1ad7d584785a86e
 	https://git.kernel.org/stable/c/9ff2f7294ab0f011cd4d1b7dcd9a07d8fdf72834
 	https://git.kernel.org/stable/c/6a5226e544ac043bb2d8dc1bfe8920d02282f7cd
 	https://git.kernel.org/stable/c/41baa86b6c802cdc6ab8ff2d46c083c9be93de81
 	https://git.kernel.org/stable/c/37a1a2e6eeeb101285cd34e12e48a881524701aa
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2021-47642: video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow

	Coverity complains of a possible buffer overflow. However,
	given the 'static' scope of nvidia_setup_i2c_bus() it looks
	like that can't happen after examiniing the call sites.

	CID 19036 (#1 of 1): Copy into fixed size buffer (STRING_OVERFLOW)
	1. fixed_size_dest: You might overrun the 48-character fixed-size string
	chan->adapter.name by copying name without checking the length.
	2. parameter_as_source: Note: This defect has an elevated risk because the
	source argument is a parameter of the current function.
	89 strcpy(chan->adapter.name, name);

	Fix this warning by using strscpy() which will silence the warning and
	prevent any future buffer overflows should the names used to identify the
	channel become much longer.

	The Linux kernel CVE team has assigned CVE-2021-47642 to this issue.


	Affected and fixed versions
	===========================

	Fixed in 4.9.311 with commit 47e5533adf118afaf06d25a3e2aaaab89371b1c5
	Fixed in 4.14.276 with commit 580e5d3815474b8349250c25c16416585a72c7fe
	Fixed in 4.19.238 with commit 72dd5c46a152136712a55bf026a9aa8c1b12b60d
	Fixed in 5.4.189 with commit 055cdd2e7b992921424d4daaa285ced787fb205f
	Fixed in 5.10.110 with commit 08dff482012758935c185532b1ad7d584785a86e
	Fixed in 5.15.33 with commit 9ff2f7294ab0f011cd4d1b7dcd9a07d8fdf72834
	Fixed in 5.16.19 with commit 6a5226e544ac043bb2d8dc1bfe8920d02282f7cd
	Fixed in 5.17.2 with commit 41baa86b6c802cdc6ab8ff2d46c083c9be93de81
	Fixed in 5.18 with commit 37a1a2e6eeeb101285cd34e12e48a881524701aa

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2021-47642
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/video/fbdev/nvidia/nv_i2c.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/47e5533adf118afaf06d25a3e2aaaab89371b1c5
	https://git.kernel.org/stable/c/580e5d3815474b8349250c25c16416585a72c7fe
	https://git.kernel.org/stable/c/72dd5c46a152136712a55bf026a9aa8c1b12b60d
	https://git.kernel.org/stable/c/055cdd2e7b992921424d4daaa285ced787fb205f
	https://git.kernel.org/stable/c/08dff482012758935c185532b1ad7d584785a86e
	https://git.kernel.org/stable/c/9ff2f7294ab0f011cd4d1b7dcd9a07d8fdf72834
	https://git.kernel.org/stable/c/6a5226e544ac043bb2d8dc1bfe8920d02282f7cd
	https://git.kernel.org/stable/c/41baa86b6c802cdc6ab8ff2d46c083c9be93de81
	https://git.kernel.org/stable/c/37a1a2e6eeeb101285cd34e12e48a881524701aa