CVE-2021-47172
iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers
Channel numbering must start at 0 and then not have any holes, or
it is possible to overflow the available storage. Note this bug was
introduced as part of a fix to ensure we didn't rely on the ordering
of child nodes. So we need to support arbitrary ordering but they all
need to be there somewhere.
Note I hit this when using qemu to test the rest of this series.
Arguably this isn't the best fix, but it is probably the most minimal
option for backporting etc.
Alexandru's sign-off is here because he carried this patch in a larger
set that Jonathan then applied.
En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: iio: adc: ad7124: Se corrige posible desbordamiento por números de canales no secuenciales. La numeración de canales debe comenzar en 0 y luego no tener huecos, o es posible que se desborde el almacenamiento disponible. Tenga en cuenta que este error se introdujo como parte de una solución para garantizar que no dependiéramos del orden de los nodos secundarios. Por lo tanto, debemos apoyar el ordenamiento arbitrario, pero todos deben estar ahí en alguna parte. Tenga en cuenta que presioné esto cuando uso qemu para probar el resto de esta serie. Podría decirse que esta no es la mejor solución, pero probablemente sea la opción más mínima para realizar backporting, etc. La aprobación de Alexandru está aquí porque llevó este parche en un conjunto más grande que luego aplicó Jonathan.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-03-25 CVE Reserved
- 2024-03-25 CVE Published
- 2024-03-26 EPSS Updated
- 2024-12-19 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CAPEC
References (6)
URL | Tag | Source |
---|---|---|
https://git.kernel.org/stable/c/5408cbc6337300d6f1a87c797273c535ed96305a | Vuln. Introduced | |
https://git.kernel.org/stable/c/d7857e4ee1ba69732b16c73b2f2dde83ecd78ee4 | Vuln. Introduced |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.4.14 < 5.4.124 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4.14 < 5.4.124" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.5 < 5.10.42 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.5 < 5.10.42" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.5 < 5.12.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.5 < 5.12.9" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.5 < 5.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.5 < 5.13" | en |
Affected
|