[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-DEBIAN-CVE-2021-47191":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T02:53:27.892Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":16,"duplicates":17,"related":18,"reserved_at":9,"published_at":19,"modified_at":20,"state":9,"summary":21,"references_raw":23,"kevs":30,"epss":9,"epss_history":31,"metrics":32,"affected":39},"DEBIAN-CVE-2021-47191","In the Linux kernel, the following vulnerability has been resolved:  scsi: scsi_debug: Fix out-of-bound read in resp_readcap16()  The following warning was observed running syzkaller:  [ 3813.830724] sg_write: data in/out 65466/242 bytes for SCSI command 0x9e-- guessing data in; [ 3813.830724]    program syz-executor not setting count and/or reply_len properly [ 3813.836956] ================================================================== [ 3813.839465] BUG: KASAN: stack-out-of-bounds in sg_copy_buffer+0x157/0x1e0 [ 3813.841773] Read of size 4096 at addr ffff8883cf80f540 by task syz-executor/1549 [ 3813.846612] Call Trace: [ 3813.846995]  dump_stack+0x108/0x15f [ 3813.847524]  print_address_description+0xa5/0x372 [ 3813.848243]  kasan_report.cold+0x236/0x2a8 [ 3813.849439]  check_memory_region+0x240/0x270 [ 3813.850094]  memcpy+0x30/0x80 [ 3813.850553]  sg_copy_buffer+0x157/0x1e0 [ 3813.853032]  sg_copy_from_buffer+0x13/0x20 [ 3813.853660]  fill_from_dev_buffer+0x135/0x370 [ 3813.854329]  resp_readcap16+0x1ac/0x280 [ 3813.856917]  schedule_resp+0x41f/0x1630 [ 3813.858203]  scsi_debug_queuecommand+0xb32/0x17e0 [ 3813.862699]  scsi_dispatch_cmd+0x330/0x950 [ 3813.863329]  scsi_request_fn+0xd8e/0x1710 [ 3813.863946]  __blk_run_queue+0x10b/0x230 [ 3813.864544]  blk_execute_rq_nowait+0x1d8/0x400 [ 3813.865220]  sg_common_write.isra.0+0xe61/0x2420 [ 3813.871637]  sg_write+0x6c8/0xef0 [ 3813.878853]  __vfs_write+0xe4/0x800 [ 3813.883487]  vfs_write+0x17b/0x530 [ 3813.884008]  ksys_write+0x103/0x270 [ 3813.886268]  __x64_sys_write+0x77/0xc0 [ 3813.886841]  do_syscall_64+0x106/0x360 [ 3813.887415]  entry_SYSCALL_64_after_hwframe+0x44/0xa9  This issue can be reproduced with the following syzkaller log:  r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\\x00', 0x26e1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fd/3\\x00') open_by_handle_at(r1, &(0x7f00000003c0)=ANY=[@ANYRESHEX], 0x602000) r2 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40782) write$binfmt_aout(r2, &(0x7f0000000340)=ANY=[@ANYBLOB=\"00000000deff000000000000000000000000000000000000000000000000000047f007af9e107a41ec395f1bded7be24277a1501ff6196a83366f4e6362bc0ff2b247f68a972989b094b2da4fb3607fcf611a22dd04310d28c75039d\"], 0x126)  In resp_readcap16() we get \"int alloc_len\" value -1104926854, and then pass the huge arr_len to fill_from_dev_buffer(), but arr is only 32 bytes. This leads to OOB in sg_copy_buffer().  To solve this issue, define alloc_len as u32.",null,[],[],[],[14],{"_key":15},"CVE-2021-47191",[],[],[],"2024-04-10T19:15:47.663Z","2026-04-28T20:23:21.339019Z",{"cisa_kev":22,"cisa_ransomware":22,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[24],{"url":25,"sources":26,"tags":28},"https://security-tracker.debian.org/tracker/CVE-2021-47191",[27],"osv_debian",[29],"Advisory",[],[],[33],{"source":27,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":34,"cvss_v4_0":9},{"baseScore":35,"baseSeverity":9,"vectorString":36,"impactScore":37,"exploitabilityScore":38},7.1,"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",8.7,4.6,[40],{"ecosystem":41,"name":42,"vendor":43,"product":42,"cpe_part":9,"purl_type":44,"purl_namespace":43,"purl_name":42,"source":9,"versions":45},"Debian","linux","debian","deb",[46,52,55,56],{"version":47,"is_range":48,"range_type":49,"version_start":9,"version_start_type":9,"version_end":50,"version_end_type":51,"fixed_in":9},"lt5_10_84_1",true,"ecosystem","5.10.84-1","excluding",{"version":53,"is_range":48,"range_type":49,"version_start":9,"version_start_type":9,"version_end":54,"version_end_type":51,"fixed_in":9},"lt5_15_5_1","5.15.5-1",{"version":53,"is_range":48,"range_type":49,"version_start":9,"version_start_type":9,"version_end":54,"version_end_type":51,"fixed_in":9},{"version":53,"is_range":48,"range_type":49,"version_start":9,"version_start_type":9,"version_end":54,"version_end_type":51,"fixed_in":9}]