CVE-2021-47642

Analyzed
Published: 26 Feb 2025, 01:54
Last modified: 11 May 2026, 13:58

Vulnerability Summary

Overall Risk (default)
medium
31/100
CVSS Score
7.8 HIGH
v3.1 (nvd)
EPSS Score
0.01% LOW
0% probability -0.01%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

26 Feb 2025, 01:54
Published
Vulnerability first disclosed
11 May 2026, 13:58
Last Modified
Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved:

video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow

Coverity complains of a possible buffer overflow. However, given the 'static' scope of nvidia_setup_i2c_bus() it looks like that can't happen after examining the call sites.

CID 19036 (#1 of 1): Copy into fixed size buffer (STRING_OVERFLOW)
1. fixed_size_dest: You might overrun the 48-character fixed-size string chan->adapter.name by copying name without checking the length.
2. parameter_as_source: Note: This defect has an elevated risk because the source argument is a parameter of the current function.

    89 strcpy(chan->adapter.name, name);

Fix this warning by using strscpy() which will silence the warning and prevent any future buffer overflows should the names used to identify the channel become much longer.
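The bounded copy described above, as an added userspace example that is not the kernel's or the driver's own code. demo_chan, demo_strscpy, demo_setup_name, demo_chan_intact and the sample name are hypothetical; demo_strscpy is a sketch of strscpy() semantics (always NUL-terminated, -E2BIG on truncation) applied to a 48-byte name buffer.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define ADAPTER_NAME_LEN 48  /* size of chan->adapter.name per the Coverity report */
#define GUARD 0xC0FFEEu

/* Hypothetical stand-in for the driver's channel; guard sits after the name
 * so a write past the buffer would be observable. */
struct demo_chan {
    char name[ADAPTER_NAME_LEN];
    unsigned int guard;
};

/* Userspace sketch of strscpy() semantics: copy at most size-1 bytes, always
 * NUL-terminate, return the copied length or -E2BIG if src was truncated. */
long demo_strscpy(char *dst, const char *src, size_t size)
{
    size_t i;

    if (size == 0)
        return -E2BIG;
    for (i = 0; i < size - 1 && src[i] != '\0'; i++)
        dst[i] = src[i];
    dst[i] = '\0';
    return src[i] == '\0' ? (long)i : -E2BIG;
}

/* The pre-fix pattern flagged by Coverity was strcpy(chan->adapter.name, name),
 * which writes strlen(name)+1 bytes regardless of the 48-byte destination. */
long demo_setup_name(struct demo_chan *chan, const char *name)
{
    chan->guard = GUARD;
    return demo_strscpy(chan->name, name, sizeof(chan->name));
}

/* 1 if the name is terminated inside the buffer and the guard is untouched. */
int demo_chan_intact(const struct demo_chan *chan)
{
    return chan->guard == GUARD &&
           memchr(chan->name, '\0', sizeof(chan->name)) != NULL;
}

int main(void)
{
    struct demo_chan c;  /* the name below is a constructed sample input */
    long r = demo_setup_name(&c, "constructed name far longer than the forty-eight byte adapter buffer");
    printf("ret=%ld stored=%zu intact=%d\n", r, strlen(c.name), demo_chan_intact(&c));
    return 0;
}
```

A caller that needs to detect truncation checks for a negative return value; the destination is a valid C string in either case.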

CVSS Metrics

  • v3.1 HIGH Score: 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 0.01% Percentile: 4%

Techniques & Countermeasures

  • CWE-787 Out-of-bounds Write

    The product writes data past the end, or before the beginning, of the intended buffer.

Affected Systems

  • linux linux

    ≥ 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 47e5533adf118afaf06d25a3e2aaaab89371b1c5 | ≥ 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 580e5d3815474b8349250c25c16416585a72c7fe | ≥ 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 72dd5c46a152136712a55bf026a9aa8c1b12b60d | ≥ 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 055cdd2e7b992921424d4daaa285ced787fb205f | ≥ 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 08dff482012758935c185532b1ad7d584785a86e | ≥ 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 9ff2f7294ab0f011cd4d1b7dcd9a07d8fdf72834 | ≥ 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 6a5226e544ac043bb2d8dc1bfe8920d02282f7cd | ≥ 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 41baa86b6c802cdc6ab8ff2d46c083c9be93de81 | ≥ 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 37a1a2e6eeeb101285cd34e12e48a881524701aa | 2.6.12

  • linux linux_kernel

    < 4.9.311 | ≥ 4.10, < 4.14.276 | ≥ 4.15, < 4.19.238 | ≥ 4.20, < 5.4.189 | ≥ 5.5, < 5.10.110 | ≥ 5.11, < 5.15.33 | ≥ 5.16, < 5.16.19 | ≥ 5.17, < 5.17.2

References (9)