CVE-2021-47040

HIGH

Linux Kernel < 5.10.37 - Buffer Overflow

Title source: rule

Description

In the Linux kernel, the following vulnerability has been resolved: io_uring: fix overflows checks in provide buffers Colin reported before possible overflow and sign extension problems in io_provide_buffers_prep(). As Linus pointed out previous attempt did nothing useful, see d81269fecb8ce ("io_uring: fix provide_buffers sign extension"). Do that with help of check_<op>_overflow helpers. And fix struct io_provide_buf::len type, as it doesn't make much sense to keep it signed.

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/38134ada0ceea3e848fe993263c0ff6207fd46e7

Patch

https://git.kernel.org/stable/c/51bf90901952aaac564bbdb36b2b503050c53dd9

Patch

https://git.kernel.org/stable/c/84b8c266c4bfe9ed5128e13253c388deb74b1b03

Patch

https://git.kernel.org/stable/c/cbbc13b115b8f18e0a714d89f87fbdc499acfe2d

Scores

CVSS v3 7.8

EPSS 0.0002

EPSS Percentile 5.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-120

Status published

Products (1)

linux/linux_kernel 5.8 - 5.10.37

Published Feb 28, 2024

Tracked Since Feb 18, 2026