CVE-2021-47477
comedi: dt9812: fix DMA buffers on stack
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 5.3EPSS 0.7%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
22 mai 2024Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
In the Linux kernel, the following vulnerability has been resolved:
comedi: dt9812: fix DMA buffers on stack
USB transfer buffers are typically mapped for DMA and must not be
allocated on the stack or transfers will fail.
Allocate proper transfer buffers in the various command helpers and
return an error on short transfers instead of acting on random stack
data.
Note that this also fixes a stack info leak on systems where DMA is not
used as 32 bytes are always sent to the device regardless of how short
the command is.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Produtos afetados
Linux · LinuxQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://git.kernel.org/stable/c/20cebb8b620dc987e55ddc46801de986e081757ehttps://git.kernel.org/stable/c/365a346cda82f51d835c49136a00a9df8a78c7f2https://git.kernel.org/stable/c/39ea61037ae78f14fa121228dd962ea3280eacf3https://git.kernel.org/stable/c/3ac273d154d634e2034508a14db82a95d7ad12edhttps://git.kernel.org/stable/c/3efb7af8ac437085b6c776e5b54830b149d86efehttps://git.kernel.org/stable/c/536de747bc48262225889a533db6650731ab25d3https://git.kernel.org/stable/c/786f5b03450454557ff858a8bead5d7c0cbf78d6https://git.kernel.org/stable/c/8a52bc480992c7c9da3ebfea456af731f50a4b97https://git.kernel.org/stable/c/a6af69768d5cb4b2528946d53be5fa19ade37723