| { |
| "containers": { |
| "cna": { |
| "providerMetadata": { |
| "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" |
| }, |
| "descriptions": [ |
| { |
| "lang": "en", |
| "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/signal: Detect and prevent an alternate signal stack overflow\n\nThe kernel pushes context on to the userspace stack to prepare for the\nuser's signal handler. When the user has supplied an alternate signal\nstack, via sigaltstack(2), it is easy for the kernel to verify that the\nstack size is sufficient for the current hardware context.\n\nCheck if writing the hardware context to the alternate stack will exceed\nit's size. If yes, then instead of corrupting user-data and proceeding with\nthe original signal handler, an immediate SIGSEGV signal is delivered.\n\nRefactor the stack pointer check code from on_sig_stack() and use the new\nhelper.\n\nWhile the kernel allows new source code to discover and use a sufficient\nalternate signal stack size, this check is still necessary to protect\nbinaries with insufficient alternate signal stack size from data\ncorruption." |
| } |
| ], |
| "affected": [ |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "unaffected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "versions": [ |
| { |
| "version": "c2bc11f10a39", |
| "lessThan": "00fcd8f33e9b", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "c2bc11f10a39", |
| "lessThan": "74569cb9ed7b", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "c2bc11f10a39", |
| "lessThan": "74d6fcea1d89", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "c2bc11f10a39", |
| "lessThan": "afb04d0b5543", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "c2bc11f10a39", |
| "lessThan": "2beb4a53fc3f", |
| "status": "affected", |
| "versionType": "git" |
| } |
| ] |
| }, |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "affected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "versions": [ |
| { |
| "version": "3.15", |
| "status": "affected" |
| }, |
| { |
| "version": "0", |
| "lessThan": "3.15", |
| "status": "unaffected", |
| "versionType": "custom" |
| }, |
| { |
| "version": "5.4.134", |
| "lessThanOrEqual": "5.4.*", |
| "status": "unaffected", |
| "versionType": "custom" |
| }, |
| { |
| "version": "5.10.52", |
| "lessThanOrEqual": "5.10.*", |
| "status": "unaffected", |
| "versionType": "custom" |
| }, |
| { |
| "version": "5.12.19", |
| "lessThanOrEqual": "5.12.*", |
| "status": "unaffected", |
| "versionType": "custom" |
| }, |
| { |
| "version": "5.13.4", |
| "lessThanOrEqual": "5.13.*", |
| "status": "unaffected", |
| "versionType": "custom" |
| }, |
| { |
| "version": "5.14", |
| "lessThanOrEqual": "*", |
| "status": "unaffected", |
| "versionType": "original_commit_for_fix" |
| } |
| ] |
| } |
| ], |
| "references": [ |
| { |
| "url": "https://git.kernel.org/stable/c/00fcd8f33e9b9f57115c3b1cfc4cb96450c18796" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/74569cb9ed7bc60e395927f55d3dc3be143a0164" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/74d6fcea1d896800e60f1c675137efebd1a6c9a6" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/afb04d0b5543a5bf8e157b9119fbfc52606f4c11" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/2beb4a53fc3f1081cedc1c1a198c7f56cc4fc60c" |
| } |
| ], |
| "title": "x86/signal: Detect and prevent an alternate signal stack overflow", |
| "x_generator": { |
| "engine": "bippy-d175d3acf727" |
| } |
| } |
| }, |
| "cveMetadata": { |
| "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", |
| "cveID": "CVE-2021-47326", |
| "requesterUserId": "gregkh@kernel.org", |
| "serial": "1", |
| "state": "PUBLISHED" |
| }, |
| "dataType": "CVE_RECORD", |
| "dataVersion": "5.0" |
| } |
