CVE-2021-47276

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-47276

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-47276.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-47276

Related

Published

2024-05-21T15:15:15Z

Modified

2024-09-18T01:00:22Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

ftrace: Do not blindly read the ip address in ftrace_bug()

It was reported that a bug on arm64 caused a bad ip address to be used for updating into a nop in ftraceinit(), but the error path (rightfully) returned -EINVAL and not -EFAULT, as the bug caused more than one error to occur. But because -EINVAL was returned, the ftracebug() tried to report what was at the location of the ip address, and read it directly. This caused the machine to panic, as the ip was not pointing to a valid memory address.

Instead, read the ip address with copyfromkernel_nofault() to safely access the memory, and if it faults, report that the address faulted, otherwise report what was in that location.

References

Affected packages

Debian:11 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.10.46-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.10.46-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.10.46-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}