OpenCVE

In the Linux kernel, the following vulnerability has been resolved: io_uring: fix overflows checks in provide buffers Colin reported before possible overflow and sign extension problems in io_provide_buffers_prep(). As Linus pointed out previous attempt did nothing useful, see d81269fecb8ce ("io_uring: fix provide_buffers sign extension"). Do that with help of check_<op>_overflow helpers. And fix struct io_provide_buf::len type, as it doesn't make much sense to keep it signed.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/38134ada0ceea3e848fe993263c0ff6207fd46e7
https://git.kernel.org/stable/c/51bf90901952aaac564bbdb36b2b503050c53dd9
https://git.kernel.org/stable/c/84b8c266c4bfe9ed5128e13253c388deb74b1b03
https://git.kernel.org/stable/c/cbbc13b115b8f18e0a714d89f87fbdc499acfe2d
https://lore.kernel.org/linux-cve-announce/2024022838-CVE-2021-47040-8722@gregkh/T/#u
https://nvd.nist.gov/vuln/detail/CVE-2021-47040
https://www.cve.org/CVERecord?id=CVE-2021-47040

History

Mon, 04 Nov 2024 13:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 11 Sep 2024 18:30:00 +0000

Type	Values Removed	Values Added
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 11 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-02-28T08:13:46.557Z

Updated: 2024-11-04T11:58:15.435Z

Reserved: 2024-02-27T18:42:55.968Z

Link: CVE-2021-47040

Vulnrichment

Updated: 2024-08-04T05:24:39.700Z

NVD

Status : Awaiting Analysis

Published: 2024-02-28T09:15:39.993

Modified: 2024-11-21T06:35:14.687

Link: CVE-2021-47040

Redhat

Severity : Moderate

Publid Date: 2024-02-28T00:00:00Z

Links: CVE-2021-47040 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-47040", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-27T18:42:55.968Z", "datePublished": "2024-02-28T08:13:46.557Z", "dateUpdated": "2024-11-04T11:58:15.435Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T11:58:15.435Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: fix overflows checks in provide buffers\n\nColin reported before possible overflow and sign extension problems in\nio_provide_buffers_prep(). As Linus pointed out previous attempt did nothing\nuseful, see d81269fecb8ce (\"io_uring: fix provide_buffers sign extension\").\n\nDo that with help of check_<op>_overflow helpers. And fix struct\nio_provide_buf::len type, as it doesn't make much sense to keep it\nsigned."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/io_uring.c"], "versions": [{"version": "efe68c1ca8f4", "lessThan": "cbbc13b115b8", "status": "affected", "versionType": "git"}, {"version": "efe68c1ca8f4", "lessThan": "51bf90901952", "status": "affected", "versionType": "git"}, {"version": "efe68c1ca8f4", "lessThan": "84b8c266c4bf", "status": "affected", "versionType": "git"}, {"version": "efe68c1ca8f4", "lessThan": "38134ada0cee", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/io_uring.c"], "versions": [{"version": "5.8", "status": "affected"}, {"version": "0", "lessThan": "5.8", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.37", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.11.21", "lessThanOrEqual": "5.11.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.12.4", "lessThanOrEqual": "5.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.13", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/cbbc13b115b8f18e0a714d89f87fbdc499acfe2d"}, {"url": "https://git.kernel.org/stable/c/51bf90901952aaac564bbdb36b2b503050c53dd9"}, {"url": "https://git.kernel.org/stable/c/84b8c266c4bfe9ed5128e13253c388deb74b1b03"}, {"url": "https://git.kernel.org/stable/c/38134ada0ceea3e848fe993263c0ff6207fd46e7"}], "title": "io_uring: fix overflows checks in provide buffers", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:24:39.700Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/cbbc13b115b8f18e0a714d89f87fbdc499acfe2d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/51bf90901952aaac564bbdb36b2b503050c53dd9", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/84b8c266c4bfe9ed5128e13253c388deb74b1b03", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/38134ada0ceea3e848fe993263c0ff6207fd46e7", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47040", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:57:48.348526Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:32:49.892Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/cbbc13b115b8f18e0a714d89f87fbdc499acfe2d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/51bf90901952aaac564bbdb36b2b503050c53dd9", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/84b8c266c4bfe9ed5128e13253c388deb74b1b03", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/38134ada0ceea3e848fe993263c0ff6207fd46e7", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:24:39.700Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47040", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:57:48.348526Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:12.912Z"}}], "cna": {"title": "io_uring: fix overflows checks in provide buffers", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "efe68c1ca8f4", "lessThan": "cbbc13b115b8", "versionType": "git"}, {"status": "affected", "version": "efe68c1ca8f4", "lessThan": "51bf90901952", "versionType": "git"}, {"status": "affected", "version": "efe68c1ca8f4", "lessThan": "84b8c266c4bf", "versionType": "git"}, {"status": "affected", "version": "efe68c1ca8f4", "lessThan": "38134ada0cee", "versionType": "git"}], "programFiles": ["fs/io_uring.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.8"}, {"status": "unaffected", "version": "0", "lessThan": "5.8", "versionType": "semver"}, {"status": "unaffected", "version": "5.10.37", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.11.21", "versionType": "semver", "lessThanOrEqual": "5.11.*"}, {"status": "unaffected", "version": "5.12.4", "versionType": "semver", "lessThanOrEqual": "5.12.*"}, {"status": "unaffected", "version": "5.13", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["fs/io_uring.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/cbbc13b115b8f18e0a714d89f87fbdc499acfe2d"}, {"url": "https://git.kernel.org/stable/c/51bf90901952aaac564bbdb36b2b503050c53dd9"}, {"url": "https://git.kernel.org/stable/c/84b8c266c4bfe9ed5128e13253c388deb74b1b03"}, {"url": "https://git.kernel.org/stable/c/38134ada0ceea3e848fe993263c0ff6207fd46e7"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: fix overflows checks in provide buffers\n\nColin reported before possible overflow and sign extension problems in\nio_provide_buffers_prep(). As Linus pointed out previous attempt did nothing\nuseful, see d81269fecb8ce (\"io_uring: fix provide_buffers sign extension\").\n\nDo that with help of check_<op>_overflow helpers. And fix struct\nio_provide_buf::len type, as it doesn't make much sense to keep it\nsigned."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T11:58:15.435Z"}}}, "cveMetadata": {"cveId": "CVE-2021-47040", "state": "PUBLISHED", "dateUpdated": "2024-11-04T11:58:15.435Z", "dateReserved": "2024-02-27T18:42:55.968Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-02-28T08:13:46.557Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: fix overflows checks in provide buffers\n\nColin reported before possible overflow and sign extension problems in\nio_provide_buffers_prep(). As Linus pointed out previous attempt did nothing\nuseful, see d81269fecb8ce (\"io_uring: fix provide_buffers sign extension\").\n\nDo that with help of check_<op>_overflow helpers. And fix struct\nio_provide_buf::len type, as it doesn't make much sense to keep it\nsigned."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: io_uring: soluciona comprobaciones de desbordamiento en los buffers de suministro que Colin inform\u00f3 antes de posibles problemas de desbordamiento y extensi\u00f3n de firma en io_provide_buffers_prep(). Como Linus se\u00f1al\u00f3 que el intento anterior no hizo nada \u00fatil, consulte d81269fecb8ce (\"io_uring: corrige la extensi\u00f3n de signo provide_buffers\"). Haga esto con la ayuda de los ayudantes check__overflow. Y corrija el tipo struct io_provide_buf::len, ya que no tiene mucho sentido mantenerlo firmado."}], "id": "CVE-2021-47040", "lastModified": "2024-11-21T06:35:14.687", "metrics": {}, "published": "2024-02-28T09:15:39.993", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/38134ada0ceea3e848fe993263c0ff6207fd46e7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/51bf90901952aaac564bbdb36b2b503050c53dd9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/84b8c266c4bfe9ed5128e13253c388deb74b1b03"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/cbbc13b115b8f18e0a714d89f87fbdc499acfe2d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/38134ada0ceea3e848fe993263c0ff6207fd46e7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/51bf90901952aaac564bbdb36b2b503050c53dd9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/84b8c266c4bfe9ed5128e13253c388deb74b1b03"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/cbbc13b115b8f18e0a714d89f87fbdc499acfe2d"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: io_uring: fix overflows checks in provide buffers", "id": "2267003", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2267003"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", "status": "draft"}, "cwe": "CWE-121", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nio_uring: fix overflows checks in provide buffers\nColin reported before possible overflow and sign extension problems in\nio_provide_buffers_prep(). As Linus pointed out previous attempt did nothing\nuseful, see d81269fecb8ce (\"io_uring: fix provide_buffers sign extension\").\nDo that with help of check_<op>_overflow helpers. And fix struct\nio_provide_buf::len type, as it doesn't make much sense to keep it\nsigned.", "A flaw was found in the Linux Kernel, which may lead to overflow and sign extension problems in io_provide_buffers_prep()."], "name": "CVE-2021-47040", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-02-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-47040\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-47040\nhttps://lore.kernel.org/linux-cve-announce/2024022838-CVE-2021-47040-8722@gregkh/T/#u"], "statement": "Red Hat Enterprise Linux 8 and 9 are not affected by this vulnerability.", "threat_severity": "Moderate", "upstream_fix": "kernel 5.10.37, kernel 5.11.21, kernel 5.12.4, kernel 5.13"}