CVE-2021-47609

firmware: arm_scpi: Fix string overflow in SCPI genpd driver

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

firmware: arm_scpi: Fix string overflow in SCPI genpd driver

Without the bound checks for scpi_pd->name, it could result in the buffer
overflow when copying the SCPI device name from the corresponding device
tree node as the name string is set at maximum size of 30.

Let us fix it by using devm_kasprintf so that the string buffer is
allocated dynamically.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: firmware: arm_scpi: corrige el desbordamiento de cadena en el controlador SCPI genpd. Sin las comprobaciones vinculadas para scpi_pd->name, podría provocar un desbordamiento del búfer al copiar el nombre del dispositivo SCPI del dispositivo correspondiente. El nodo del árbol como cadena de nombre se establece en un tamaño máximo de 30. Arreglemoslo usando devm_kasprintf para que el búfer de cadena se asigne dinámicamente.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-06-19 CVE Reserved
2024-06-19 CVE Published
2024-06-20 EPSS Updated
2024-09-11 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (8)

URL	Tag	Source
https://git.kernel.org/stable/c/8bec4337ad4023b26de35d3b0c3a3b2735ffc5c7	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/639901b9429a3195e0fead981ed74b51f5f31538	2021-12-22
https://git.kernel.org/stable/c/4694b1ec425a2d20d6f8ca3db594829fdf5f2672	2021-12-22
https://git.kernel.org/stable/c/7e8645ca2c0046f7cd2f0f7d569fc036c8abaedb	2021-12-22
https://git.kernel.org/stable/c/802a1a8501563714a5fe8824f4ed27fec04a0719	2021-12-22
https://git.kernel.org/stable/c/f0f484714f35d24ffa0ecb4afe3df1c5b225411d	2021-12-22
https://git.kernel.org/stable/c/976389cbb16cee46847e5d06250a3a0b5506781e	2021-12-22
https://git.kernel.org/stable/c/865ed67ab955428b9aa771d8b4f1e4fb7fd08945	2021-12-13

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 4.9.294 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 4.9.294"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 4.14.259 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 4.14.259"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 4.19.222 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 4.19.222"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 5.4.168 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 5.4.168"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 5.10.88 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 5.10.88"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 5.15.11 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 5.15.11"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.8 < 5.16 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 5.16"		en		Affected