[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2021-47191":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T02:53:27.892Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":23,"aliases":24,"duplicate_of":9,"upstream":25,"downstream":26,"duplicates":101,"related":102,"reserved_at":9,"published_at":113,"modified_at":114,"state":115,"summary":116,"references_raw":125,"kevs":140,"epss":141,"epss_history":144,"metrics":382,"affected":388},"CVE-2021-47191","In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: scsi_debug: Fix out-of-bound read in resp_readcap16()\n\nThe following warning was observed running syzkaller:\n\n[ 3813.830724] sg_write: data in/out 65466/242 bytes for SCSI command 0x9e-- guessing data in;\n[ 3813.830724]    program syz-executor not setting count and/or reply_len properly\n[ 3813.836956] ==================================================================\n[ 3813.839465] BUG: KASAN: stack-out-of-bounds in sg_copy_buffer+0x157/0x1e0\n[ 3813.841773] Read of size 4096 at addr ffff8883cf80f540 by task syz-executor/1549\n[ 3813.846612] Call Trace:\n[ 3813.846995]  dump_stack+0x108/0x15f\n[ 3813.847524]  print_address_description+0xa5/0x372\n[ 3813.848243]  kasan_report.cold+0x236/0x2a8\n[ 3813.849439]  check_memory_region+0x240/0x270\n[ 3813.850094]  memcpy+0x30/0x80\n[ 3813.850553]  sg_copy_buffer+0x157/0x1e0\n[ 3813.853032]  sg_copy_from_buffer+0x13/0x20\n[ 3813.853660]  fill_from_dev_buffer+0x135/0x370\n[ 3813.854329]  resp_readcap16+0x1ac/0x280\n[ 3813.856917]  schedule_resp+0x41f/0x1630\n[ 3813.858203]  scsi_debug_queuecommand+0xb32/0x17e0\n[ 3813.862699]  scsi_dispatch_cmd+0x330/0x950\n[ 3813.863329]  scsi_request_fn+0xd8e/0x1710\n[ 3813.863946]  __blk_run_queue+0x10b/0x230\n[ 3813.864544]  blk_execute_rq_nowait+0x1d8/0x400\n[ 3813.865220]  sg_common_write.isra.0+0xe61/0x2420\n[ 3813.871637]  sg_write+0x6c8/0xef0\n[ 3813.878853]  __vfs_write+0xe4/0x800\n[ 3813.883487]  vfs_write+0x17b/0x530\n[ 3813.884008]  ksys_write+0x103/0x270\n[ 3813.886268]  __x64_sys_write+0x77/0xc0\n[ 3813.886841]  do_syscall_64+0x106/0x360\n[ 3813.887415]  entry_SYSCALL_64_after_hwframe+0x44/0xa9\n\nThis issue can be reproduced with the following syzkaller log:\n\nr0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\\x00', 0x26e1, 0x0)\nr1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fd/3\\x00')\nopen_by_handle_at(r1, &(0x7f00000003c0)=ANY=[@ANYRESHEX], 0x602000)\nr2 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40782)\nwrite$binfmt_aout(r2, &(0x7f0000000340)=ANY=[@ANYBLOB=\"00000000deff000000000000000000000000000000000000000000000000000047f007af9e107a41ec395f1bded7be24277a1501ff6196a83366f4e6362bc0ff2b247f68a972989b094b2da4fb3607fcf611a22dd04310d28c75039d\"], 0x126)\n\nIn resp_readcap16() we get \"int alloc_len\" value -1104926854, and then pass\nthe huge arr_len to fill_from_dev_buffer(), but arr is only 32 bytes. This\nleads to OOB in sg_copy_buffer().\n\nTo solve this issue, define alloc_len as u32.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-125","Out-of-bounds Read","The product reads data past the end, or before the beginning, of the intended buffer.","weakness","Draft","Base",[19],{"id":20,"name":21,"techniques":22},"CAPEC-540","Overread Buffers",[],[],[],[],[27,29,31,33,35,37,39,41,43,45,47,49,51,53,55,57,59,61,63,65,67,69,71,73,75,77,79,81,83,85,87,89,91,93,95,97,99],{"_key":28},"SUSE-SU-2024:1644-1",{"_key":30},"SUSE-SU-2024:1659-1",{"_key":32},"SUSE-SU-2024:2360-1",{"_key":34},"SUSE-SU-2024:2381-1",{"_key":36},"SUSE-SU-2024:2561-1",{"_key":38},"SUSE-SU-2024:2901-1",{"_key":40},"SUSE-SU-2024:2940-1",{"_key":42},"SUSE-SU-2024:1641-1",{"_key":44},"SUSE-SU-2024:1647-1",{"_key":46},"SUSE-SU-2024:1663-1",{"_key":48},"DEBIAN-CVE-2021-47191",{"_key":50},"UBUNTU-CVE-2021-47191",{"_key":52},"USN-7496-1",{"_key":54},"USN-7496-2",{"_key":56},"USN-7496-3",{"_key":58},"USN-7496-4",{"_key":60},"USN-7496-5",{"_key":62},"USN-7506-1",{"_key":64},"USN-7506-2",{"_key":66},"USN-7506-3",{"_key":68},"USN-7506-4",{"_key":70},"USN-7516-1",{"_key":72},"USN-7516-2",{"_key":74},"USN-7516-3",{"_key":76},"USN-7516-4",{"_key":78},"USN-7516-5",{"_key":80},"USN-7516-6",{"_key":82},"USN-7516-7",{"_key":84},"USN-7516-8",{"_key":86},"USN-7516-9",{"_key":88},"USN-7517-1",{"_key":90},"USN-7517-2",{"_key":92},"USN-7517-3",{"_key":94},"USN-7518-1",{"_key":96},"USN-7539-1",{"_key":98},"USN-7540-1",{"_key":100},"USN-7640-1",[],[103,104,105,106,107,108,109,110,111,112],{"_key":28},{"_key":30},{"_key":32},{"_key":34},{"_key":36},{"_key":38},{"_key":40},{"_key":42},{"_key":44},{"_key":46},"2024-04-10T18:56:29.455Z","2026-05-11T13:49:44.411Z","Analyzed",{"cisa_kev":117,"cisa_ransomware":117,"cisa_vendor":9,"epss_severity":118,"epss_score":119,"severity":120,"severity_score":121,"severity_version":122,"severity_source":123,"severity_vector":124,"severity_status":115},false,"low",0.00009,"high",7.1,"v3.1","nvd","CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",[126,132,136],{"url":127,"sources":128,"tags":130},"https://git.kernel.org/stable/c/3e20cb072679bdb47747ccc8bee3233a4cf0765a",[129,123],"cve.org",[131],"Patch",{"url":133,"sources":134,"tags":135},"https://git.kernel.org/stable/c/5b8bed6464ad6653586e30df046185fd816ad999",[129,123],[131],{"url":137,"sources":138,"tags":139},"https://git.kernel.org/stable/c/4e3ace0051e7e504b55d239daab8789dd89b863c",[129,123],[131],[],{"date":142,"score":119,"percentile":143},"2026-06-03",0.0101,[145,148,151,154,157,160,162,164,166,169,172,175,177,179,181,185,188,191,194,197,200,202,205,208,211,214,217,220,222,225,228,231,234,237,239,242,245,248,251,253,255,257,260,263,266,268,270,272,275,278,280,283,286,289,292,294,296,298,301,303,305,308,310,312,314,316,318,321,324,327,329,331,334,336,339,341,344,346,348,351,353,356,359,362,365,368,371,373,376,379],{"date":146,"score":119,"percentile":147},"2025-11-04",0.00656,{"date":149,"score":119,"percentile":150},"2025-11-05",0.00657,{"date":152,"score":119,"percentile":153},"2025-11-06",0.00659,{"date":155,"score":119,"percentile":156},"2025-11-07",0.00662,{"date":158,"score":119,"percentile":159},"2025-11-08",0.0066,{"date":161,"score":119,"percentile":159},"2025-11-09",{"date":163,"score":119,"percentile":147},"2025-11-10",{"date":165,"score":119,"percentile":147},"2025-11-11",{"date":167,"score":119,"percentile":168},"2025-11-12",0.00653,{"date":170,"score":119,"percentile":171},"2025-11-13",0.00651,{"date":173,"score":119,"percentile":174},"2025-11-14",0.00655,{"date":176,"score":119,"percentile":153},"2025-11-15",{"date":178,"score":119,"percentile":153},"2025-11-16",{"date":180,"score":119,"percentile":150},"2025-11-17",{"date":182,"score":183,"percentile":184},"2025-11-18",0.00067,0.16601,{"date":186,"score":183,"percentile":187},"2025-11-19",0.16612,{"date":189,"score":183,"percentile":190},"2025-11-20",0.16584,{"date":192,"score":119,"percentile":193},"2025-11-21",0.00671,{"date":195,"score":119,"percentile":196},"2025-11-22",0.0067,{"date":198,"score":119,"percentile":199},"2025-11-23",0.00664,{"date":201,"score":119,"percentile":153},"2025-11-24",{"date":203,"score":119,"percentile":204},"2025-11-25",0.00658,{"date":206,"score":119,"percentile":207},"2025-11-26",0.00649,{"date":209,"score":119,"percentile":210},"2025-11-27",0.00648,{"date":212,"score":119,"percentile":213},"2025-11-28",0.00652,{"date":215,"score":119,"percentile":216},"2025-11-29",0.00667,{"date":218,"score":119,"percentile":219},"2025-11-30",0.00669,{"date":221,"score":119,"percentile":193},"2025-12-01",{"date":223,"score":119,"percentile":224},"2025-12-02",0.00668,{"date":226,"score":119,"percentile":227},"2025-12-03",0.00674,{"date":229,"score":119,"percentile":230},"2025-12-04",0.00675,{"date":232,"score":119,"percentile":233},"2025-12-05",0.00682,{"date":235,"score":119,"percentile":236},"2025-12-06",0.0068,{"date":238,"score":119,"percentile":236},"2025-12-07",{"date":240,"score":119,"percentile":241},"2025-12-08",0.00684,{"date":243,"score":119,"percentile":244},"2025-12-09",0.00697,{"date":246,"score":119,"percentile":247},"2025-12-10",0.00709,{"date":249,"score":119,"percentile":250},"2025-12-11",0.00707,{"date":252,"score":119,"percentile":247},"2025-12-12",{"date":254,"score":119,"percentile":250},"2025-12-13",{"date":256,"score":119,"percentile":250},"2025-12-14",{"date":258,"score":119,"percentile":259},"2025-12-15",0.00701,{"date":261,"score":119,"percentile":262},"2025-12-16",0.00704,{"date":264,"score":119,"percentile":265},"2025-12-17",0.00706,{"date":267,"score":119,"percentile":265},"2025-12-18",{"date":269,"score":119,"percentile":247},"2025-12-19",{"date":271,"score":119,"percentile":247},"2025-12-20",{"date":273,"score":119,"percentile":274},"2025-12-21",0.00705,{"date":276,"score":119,"percentile":277},"2025-12-22",0.00708,{"date":279,"score":119,"percentile":250},"2025-12-23",{"date":281,"score":119,"percentile":282},"2025-12-24",0.0071,{"date":284,"score":119,"percentile":285},"2025-12-25",0.00711,{"date":287,"score":119,"percentile":288},"2025-12-26",0.00716,{"date":290,"score":119,"percentile":291},"2025-12-27",0.00712,{"date":293,"score":119,"percentile":291},"2025-12-28",{"date":295,"score":119,"percentile":282},"2025-12-29",{"date":297,"score":119,"percentile":250},"2025-12-30",{"date":299,"score":119,"percentile":300},"2025-12-31",0.00703,{"date":302,"score":119,"percentile":265},"2026-01-01",{"date":304,"score":119,"percentile":291},"2026-01-02",{"date":306,"score":119,"percentile":307},"2026-01-03",0.00713,{"date":309,"score":119,"percentile":274},"2026-01-04",{"date":311,"score":119,"percentile":277},"2026-01-05",{"date":313,"score":119,"percentile":250},"2026-01-06",{"date":315,"score":119,"percentile":274},"2026-01-07",{"date":317,"score":119,"percentile":282},"2026-01-08",{"date":319,"score":119,"percentile":320},"2026-01-09",0.00717,{"date":322,"score":119,"percentile":323},"2026-01-10",0.0072,{"date":325,"score":119,"percentile":326},"2026-01-11",0.00719,{"date":328,"score":119,"percentile":320},"2026-01-12",{"date":330,"score":119,"percentile":288},"2026-01-13",{"date":332,"score":119,"percentile":333},"2026-01-14",0.00715,{"date":335,"score":119,"percentile":320},"2026-01-15",{"date":337,"score":119,"percentile":338},"2026-01-16",0.00718,{"date":340,"score":119,"percentile":338},"2026-01-17",{"date":342,"score":119,"percentile":343},"2026-01-18",0.00722,{"date":345,"score":119,"percentile":326},"2026-01-19",{"date":347,"score":119,"percentile":288},"2026-01-20",{"date":349,"score":119,"percentile":350},"2026-01-21",0.00714,{"date":352,"score":119,"percentile":333},"2026-01-22",{"date":354,"score":119,"percentile":355},"2026-01-23",0.00724,{"date":357,"score":119,"percentile":358},"2026-01-24",0.00728,{"date":360,"score":119,"percentile":361},"2026-01-25",0.00729,{"date":363,"score":119,"percentile":364},"2026-01-26",0.0073,{"date":366,"score":119,"percentile":367},"2026-01-27",0.00733,{"date":369,"score":119,"percentile":370},"2026-01-28",0.00731,{"date":372,"score":119,"percentile":367},"2026-01-29",{"date":374,"score":119,"percentile":375},"2026-01-30",0.00743,{"date":377,"score":119,"percentile":378},"2026-01-31",0.00749,{"date":380,"score":119,"percentile":381},"2026-02-01",0.00754,[383],{"source":123,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":384,"cvss_v4_0":9},{"baseScore":121,"baseSeverity":385,"vectorString":124,"impactScore":386,"exploitabilityScore":387},"HIGH",8.7,4.6,[389,409],{"ecosystem":9,"name":390,"vendor":391,"product":391,"cpe_part":392,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":393},"Linux","linux","a",[394,401,404,407],{"version":395,"is_range":396,"range_type":129,"version_start":397,"version_start_type":398,"version_end":399,"version_end_type":400,"fixed_in":9},">= c65b1445d153a66ca91b00c1f10187e495c17918, \u003C 3e20cb072679bdb47747ccc8bee3233a4cf0765a",true,"c65b1445d153a66ca91b00c1f10187e495c17918","including","3e20cb072679bdb47747ccc8bee3233a4cf0765a","excluding",{"version":402,"is_range":396,"range_type":129,"version_start":397,"version_start_type":398,"version_end":403,"version_end_type":400,"fixed_in":9},">= c65b1445d153a66ca91b00c1f10187e495c17918, \u003C 5b8bed6464ad6653586e30df046185fd816ad999","5b8bed6464ad6653586e30df046185fd816ad999",{"version":405,"is_range":396,"range_type":129,"version_start":397,"version_start_type":398,"version_end":406,"version_end_type":400,"fixed_in":9},">= c65b1445d153a66ca91b00c1f10187e495c17918, \u003C 4e3ace0051e7e504b55d239daab8789dd89b863c","4e3ace0051e7e504b55d239daab8789dd89b863c",{"version":408,"is_range":117,"range_type":129,"version_start":408,"version_start_type":398,"version_end":408,"version_end_type":398,"fixed_in":9},"2.6.18",{"ecosystem":9,"name":410,"vendor":391,"product":411,"cpe_part":412,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":413},"linux kernel","linux_kernel","o",[414,418],{"version":415,"is_range":396,"range_type":416,"version_start":9,"version_start_type":9,"version_end":417,"version_end_type":400,"fixed_in":9},"lt5.10.82","cpe","5.10.82",{"version":419,"is_range":396,"range_type":416,"version_start":420,"version_start_type":398,"version_end":421,"version_end_type":400,"fixed_in":9},"gte5.11_lt5.15.5","5.11","5.15.5"]