CVE-2021-47040

UNKNOWN

Published 2024-02-28T08:13:46.557Z

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2021-47040. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

In the Linux kernel, the following vulnerability has been resolved:

io_uring: fix overflows checks in provide buffers

Colin reported before possible overflow and sign extension problems in
io_provide_buffers_prep(). As Linus pointed out previous attempt did nothing
useful, see d81269fecb8ce ("io_uring: fix provide_buffers sign extension").

Do that with help of check_<op>_overflow helpers. And fix struct
io_provide_buf::len type, as it doesn't make much sense to keep it
signed.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Linux

Affected Versions:

efe68c1ca8f49e8c06afd74b699411bfbb8ba1ff efe68c1ca8f49e8c06afd74b699411bfbb8ba1ff efe68c1ca8f49e8c06afd74b699411bfbb8ba1ff efe68c1ca8f49e8c06afd74b699411bfbb8ba1ff

Linux

Affected Versions:

5.8 0 5.10.37 5.11.21 5.12.4 5.13

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-phvq-9637-vp75

Advisory Details

In the Linux kernel, the following vulnerability has been resolved: io_uring: fix overflows checks in provide buffers Colin reported before possible overflow and sign extension problems in io_provide_buffers_prep(). As Linus pointed out previous attempt did nothing useful, see d81269fecb8ce ("io_uring: fix provide_buffers sign extension"). Do that with help of check_<op>_overflow helpers. And fix struct io_provide_buf::len type, as it doesn't make much sense to keep it signed.

CVSS Scoring

CVSS Score

7.5

CVSS Vector


                                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2021-47040

WEB https://git.kernel.org/stable/c/38134ada0ceea3e848fe993263c0ff6207fd46e7

WEB https://git.kernel.org/stable/c/51bf90901952aaac564bbdb36b2b503050c53dd9

WEB https://git.kernel.org/stable/c/84b8c266c4bfe9ed5128e13253c388deb74b1b03

WEB https://git.kernel.org/stable/c/cbbc13b115b8f18e0a714d89f87fbdc499acfe2d

Advisory provided by GitHub Security Advisory Database. Published: February 28, 2024, Modified: January 9, 2025

References

https://git.kernel.org/stable/c/cbbc13b115b8f18e0a714d89f87fbdc499acfe2d

https://git.kernel.org/stable/c/51bf90901952aaac564bbdb36b2b503050c53dd9

https://git.kernel.org/stable/c/84b8c266c4bfe9ed5128e13253c388deb74b1b03

https://git.kernel.org/stable/c/38134ada0ceea3e848fe993263c0ff6207fd46e7

Published: 2024-02-28T08:13:46.557Z

Last Modified: 2025-05-04T07:02:50.136Z

Copied to clipboard!

CVE-2021-47040

Expert Analysis

Description

Available Exploits

Related News

Affected Products

Linux

Affected Versions:

Linux

Affected Versions:

GitHub Security Advisories

Advisory Details

CVSS Scoring

CVSS Score

CVSS Vector

References

References

Request Analysis

What to expect

Request Received!