CVE-2021-47576 in Linuxinformação

Sumário

de VulDB • 01/06/2026

No kernel do Linux, a seguinte vulnerabilidade foi corrigida:

scsi: scsi_debug: Verificação de integridade (sanity check) do comprimento do descritor de bloco em resp_mode_select()

Em resp_mode_select(), realize uma verificação de integridade do comprimento do descritor de bloco para evitar um erro Use-After-Free (UAF).

BUG: KASAN: use-after-free em resp_mode_select+0xa4c/0xb40 drivers/scsi/scsi_debug.c:2509 Leitura de tamanho 1 no endereço ffff888026670f50 pela tarefa scsicmd/15032

CPU: 1 PID: 15032 Comm: scsicmd Não contaminado 5.15.0-01d0625 #15 Nome do hardware: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Rastreamento de chamada:

dump_stack_lvl+0x89/0xb5 lib/dump_stack.c:107 print_address_description.constprop.9+0x28/0x160 mm/kasan/report.c:257 kasan_report.cold.14+0x7d/0x117 mm/kasan/report.c:443 __asan_report_load1_noabort+0x14/0x20 mm/kasan/report_generic.c:306 resp_mode_select+0xa4c/0xb40 drivers/scsi/scsi_debug.c:2509 schedule_resp+0x4af/0x1a10 drivers/scsi/scsi_debug.c:5483 scsi_debug_queuecommand+0x8c9/0x1e70 drivers/scsi/scsi_debug.c:7537 scsi_queue_rq+0x16b4/0x2d10 drivers/scsi/scsi_lib.c:1521 blk_mq_dispatch_rq_list+0xb9b/0x2700 block/blk-mq.c:1640 __blk_mq_sched_dispatch_requests+0x28f/0x590 block/blk-mq-sched.c:325 blk_mq_sched_dispatch_requests+0x105/0x190 block/blk-mq-sched.c:358 __blk_mq_run_hw_queue+0xe5/0x150 block/blk-mq.c:1762 __blk_mq_delay_run_hw_queue+0x4f8/0x5c0 block/blk-mq.c:1839 blk_mq_run_hw_queue+0x18d/0x350 block/blk-mq.c:1891 blk_mq_sched_insert_request+0x3db/0x4e0 block/blk-mq-sched.c:474 blk_execute_rq_nowait+0x16b/0x1c0 block/blk-exec.c:63 sg_common_write.isra.18+0xeb3/0x2000 drivers/scsi/sg.c:837 sg_new_write.isra.19+0x570/0x8c0 drivers/scsi/sg.c:775 sg_ioctl_common+0x14d6/0x2710 drivers/scsi/sg.c:941 sg_ioctl+0xa2/0x180 drivers/scsi/sg.c:1166 __x64_sys_ioctl+0x19d/0x220 fs/ioctl.c:52 do_syscall_64+0x3a/0x80 arch/x86/entry/common.c:50 entry_SYSCALL_64_after_hwframe+0x44/0xae arch/x86/entry/entry_64.S:113

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Fontes

Do you want to use VulDB in your project?

Use the official API to access entries easily!