CVE - CVE-2021-47288

CVE-ID
CVE-2021-47288	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf() Fix an 11-year old bug in ngene_command_config_free_buf() while addressing the following warnings caught with -Warray-bounds: arch/alpha/include/asm/string.h:22:16: warning: '__builtin_memcpy' offset [12, 16] from the object at 'com' is out of the bounds of referenced subobject 'config' with type 'unsigned char' at offset 10 [-Warray-bounds] arch/x86/include/asm/string_32.h:182:25: warning: '__builtin_memcpy' offset [12, 16] from the object at 'com' is out of the bounds of referenced subobject 'config' with type 'unsigned char' at offset 10 [-Warray-bounds] The problem is that the original code is trying to copy 6 bytes of data into a one-byte size member _config_ of the wrong structue FW_CONFIGURE_BUFFERS, in a single call to memcpy(). This causes a legitimate compiler warning because memcpy() overruns the length of &com.cmd.ConfigureBuffers.config. It seems that the right structure is FW_CONFIGURE_FREE_BUFFERS, instead, because it contains 6 more members apart from the header _hdr_. Also, the name of the function ngene_command_config_free_buf() suggests that the actual intention is to ConfigureFreeBuffers, instead of ConfigureBuffers (which takes place in the function ngene_command_config_buf(), above). Fix this by enclosing those 6 members of struct FW_CONFIGURE_FREE_BUFFERS into new struct config, and use &com.cmd.ConfigureFreeBuffers.config as the destination address, instead of &com.cmd.ConfigureBuffers.config, when calling memcpy(). This also helps with the ongoing efforts to globally enable -Warray-bounds and get us closer to being able to tighten the FORTIFY_SOURCE routines on memcpy().
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/4487b968e5eacd02c493303dc2b61150bb7fe4b2 URL:https://git.kernel.org/stable/c/4487b968e5eacd02c493303dc2b61150bb7fe4b2 MISC:https://git.kernel.org/stable/c/8d4abca95ecc82fc8c41912fa0085281f19cc29f URL:https://git.kernel.org/stable/c/8d4abca95ecc82fc8c41912fa0085281f19cc29f MISC:https://git.kernel.org/stable/c/b9a178f189bb6d75293573e181928735f5e3e070 URL:https://git.kernel.org/stable/c/b9a178f189bb6d75293573e181928735f5e3e070 MISC:https://git.kernel.org/stable/c/c6ddeb63dd543b5474b0217c4e47538b7ffd7686 URL:https://git.kernel.org/stable/c/c6ddeb63dd543b5474b0217c4e47538b7ffd7686 MISC:https://git.kernel.org/stable/c/e617fa62f6cf859a7b042cdd6c73af905ff8fca3 URL:https://git.kernel.org/stable/c/e617fa62f6cf859a7b042cdd6c73af905ff8fca3 MISC:https://git.kernel.org/stable/c/e818f2ff648581a6c553ae2bebc5dcef9a8bb90c URL:https://git.kernel.org/stable/c/e818f2ff648581a6c553ae2bebc5dcef9a8bb90c MISC:https://git.kernel.org/stable/c/e991457afdcb5f4dbc5bc9d79eaf775be33e7092 URL:https://git.kernel.org/stable/c/e991457afdcb5f4dbc5bc9d79eaf775be33e7092 MISC:https://git.kernel.org/stable/c/ec731c6ef564ee6fc101fc5d73e3a3a953d09a00 URL:https://git.kernel.org/stable/c/ec731c6ef564ee6fc101fc5d73e3a3a953d09a00
Assigning CNA
kernel.org
Date Record Created
20240521	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240521)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)