From: Vasiliy Kovalev <kovalev@altlinux.org>
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Sasha Levin <sashal@kernel.org>,
stable@vger.kernel.org
Cc: "Martin K . Petersen" <martin.petersen@oracle.com>,
"James E . J . Bottomley" <jejb@linux.ibm.com>,
Damien Le Moal <damien.lemoal@wdc.com>,
linux-scsi@vger.kernel.org, lvc-project@linuxtesting.org,
kovalev@altlinux.org, nickel@altlinux.org, gerben@altlinux.org,
dutyrok@altlinux.org
Subject: [PATCH v2 5.10.y 0/3] scsi: Backport fixes for CVE-2021-47182
Date: Mon, 9 Dec 2024 20:03:27 +0300 [thread overview]
Message-ID: <20241209170330.113179-1-kovalev@altlinux.org> (raw)
The patch titled "scsi: core: Fix scsi_mode_sense() buffer length handling"
addresses CVE-2021-47182, fixing the following issues in `scsi_mode_sense()`
buffer length handling:
1. Incorrect handling of the allocation length field in the MODE SENSE(10)
command, causing truncation of buffer lengths larger than 255 bytes.
2. Memory corruption when handling small buffer lengths due to lack of proper
validation.
CVE announcement in linux-cve-announce:
https://lore.kernel.org/linux-cve-announce/2024041032-CVE-2021-47182-377e@gregkh/
Fixed versions:
- Fixed in 5.15.5 with commit e15de347faf4
- Fixed in 5.16 with commit 17b49bcbf835
Official CVE entry:
https://cve.org/CVERecord/?id=CVE-2021-47182
---
v2: To ensure consistency and completeness of the fixes, this backport
includes all 3 patches from the series [1].
In addition to the first patch that addresses the CVE, the second and
third patches are included, which prevent further regressions and align
with the fixes already backported and proposed for backporting [2] to
the stable 5.15 kernel.
[1] https://lore.kernel.org/all/20210820070255.682775-1-damien.lemoal@wdc.com/
[2] https://lore.kernel.org/all/20241209165340.112862-1-kovalev@altlinux.org/
[PATCH 5.10.y 1/3] scsi: core: Fix scsi_mode_sense() buffer length handling
[PATCH 5.10.y 2/3] scsi: core: Fix scsi_mode_select() buffer length handling
[PATCH 5.10.y 3/3] scsi: sd: Fix sd_do_mode_sense() buffer length handling
next reply other threads:[~2024-12-09 17:03 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-12-09 17:03 Vasiliy Kovalev [this message]
2024-12-09 17:03 ` [PATCH 5.10.y 1/3] scsi: core: Fix scsi_mode_sense() buffer length handling Vasiliy Kovalev
2024-12-09 20:55 ` Sasha Levin
2024-12-09 17:03 ` [PATCH 5.10.y 2/3] scsi: core: Fix scsi_mode_select() " Vasiliy Kovalev
2024-12-09 20:55 ` Sasha Levin
2024-12-09 17:03 ` [PATCH 5.10.y 3/3] scsi: sd: Fix sd_do_mode_sense() " Vasiliy Kovalev
2024-12-09 20:55 ` Sasha Levin
2025-01-30 21:26 ` [PATCH v2 5.10.y 0/3] scsi: Backport fixes for CVE-2021-47182 Vasiliy Kovalev
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241209170330.113179-1-kovalev@altlinux.org \
--to=kovalev@altlinux.org \
--cc=damien.lemoal@wdc.com \
--cc=dutyrok@altlinux.org \
--cc=gerben@altlinux.org \
--cc=gregkh@linuxfoundation.org \
--cc=jejb@linux.ibm.com \
--cc=linux-scsi@vger.kernel.org \
--cc=lvc-project@linuxtesting.org \
--cc=martin.petersen@oracle.com \
--cc=nickel@altlinux.org \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox