diff options
author | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2024-02-12 18:50:11 +0100 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2024-02-12 18:50:11 +0100 |
commit | 4ec2d279d8b19c4442a74b17cdd9925150426e3c (patch) | |
tree | 181a8a48b65a0f179b167a74c0009d5b46b11533 | |
parent | ad19c4468481cc94637414fae94c2df045f11444 (diff) | |
download | vulns-4ec2d279d8b19c4442a74b17cdd9925150426e3c.tar.gz |
add a testing 2021 commit
More stress testing of versions detection, something is wrong...
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-rw-r--r-- | cve/published/2021/CVE-2021-47181 (renamed from cve/reserved/2021/CVE-2021-47181) | 0 | ||||
-rw-r--r-- | cve/published/2021/CVE-2021-47181.json | 90 | ||||
-rw-r--r-- | cve/published/2021/CVE-2021-47181.mbox | 45 | ||||
-rw-r--r-- | cve/published/2021/CVE-2021-47181.sha1 | 1 |
4 files changed, 136 insertions, 0 deletions
diff --git a/cve/reserved/2021/CVE-2021-47181 b/cve/published/2021/CVE-2021-47181 index e69de29b..e69de29b 100644 --- a/cve/reserved/2021/CVE-2021-47181 +++ b/cve/published/2021/CVE-2021-47181 diff --git a/cve/published/2021/CVE-2021-47181.json b/cve/published/2021/CVE-2021-47181.json new file mode 100644 index 00000000..f56fb23f --- /dev/null +++ b/cve/published/2021/CVE-2021-47181.json @@ -0,0 +1,90 @@ +{ + "containers": { + "cna": { + "providerMetadata": { + "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" + }, + "descriptions": [ + { + "lang": "en", + "value": "USB: gadget: bRequestType is a bitfield, not a enum\n\nSzymon rightly pointed out that the previous check for the endpoint\ndirection in bRequestType was not looking at only the bit involved, but\nrather the whole value. Normally this is ok, but for some request\ntypes, bits other than bit 8 could be set and the check for the endpoint\nlength could not stall correctly.\n\nFix that up by only checking the single bit." + } + ], + "affected": [ + { + "product": "Linux", + "vendor": "Linux", + "defaultStatus": "affected", + "versions": [ + { + "version": "4.4.295", + "lessThan": "4.4.296", + "status": "affected", + "versionType": "custom" + }, + { + "version": "4.9.293", + "lessThan": "4.9.294", + "status": "affected", + "versionType": "custom" + }, + { + "version": "4.14.258", + "lessThan": "4.14.259", + "status": "affected", + "versionType": "custom" + }, + { + "version": "4.19.221", + "lessThan": "4.19.222", + "status": "affected", + "versionType": "custom" + }, + { + "version": "5.4.165", + "lessThan": "5.4.168", + "status": "affected", + "versionType": "custom" + }, + { + "version": "5.10.85", + "lessThan": "5.10.88", + "status": "affected", + "versionType": "custom" + }, + { + "version": "5.15.8", + "lessThan": "5.15.11", + "status": "affected", + "versionType": "custom" + }, + { + "version": "4.4.295", + "lessThan": "5.16", + "status": "affected", + "versionType": "custom" + } + ] + } + ], + "references": [ + { + "url": "https://git.kernel.org/stable/linux/c/f08adf5add9a071160c68bb2a61d697f39ab0758" + } + ], + "title": "USB: gadget: bRequestType is a bitfield, not a enum", + "x_generator": { + "engine": "bippy-8e45bd7fd5ec" + } + } + }, + "cveMetadata": { + "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", + "cveID": "CVE-2021-47181", + "requesterUserId": "gregkh@linuxfoundation.org", + "serial": "1", + "state": "PUBLISHED" + }, + "dataType": "CVE_RECORD", + "dataVersion": "5.0" +} diff --git a/cve/published/2021/CVE-2021-47181.mbox b/cve/published/2021/CVE-2021-47181.mbox new file mode 100644 index 00000000..2d28d3b9 --- /dev/null +++ b/cve/published/2021/CVE-2021-47181.mbox @@ -0,0 +1,45 @@ +From: Linux Kernel CVE team <cve@kernel.org> +Subject: CVE-2021-47181: USB: gadget: bRequestType is a bitfield, not a enum + +Description +=========== + +USB: gadget: bRequestType is a bitfield, not a enum + +Szymon rightly pointed out that the previous check for the endpoint +direction in bRequestType was not looking at only the bit involved, but +rather the whole value. Normally this is ok, but for some request +types, bits other than bit 8 could be set and the check for the endpoint +length could not stall correctly. + +Fix that up by only checking the single bit. + +The Linux kernel CVE team has assigned CVE-2021-47181 to this issue. + + +Mitigation +========== + +The individual change to resolve this issue can be found at: + https://git.kernel.org/stable/linux/c/f08adf5add9a071160c68bb2a61d697f39ab0758 + + +Affected versions +================= + Issue introduced in 4.4.295 and fixed in 4.4.296 + Issue introduced in 4.9.293 and fixed in 4.9.294 + Issue introduced in 4.14.258 and fixed in 4.14.259 + Issue introduced in 4.19.221 and fixed in 4.19.222 + Issue introduced in 5.4.165 and fixed in 5.4.168 + Issue introduced in 5.10.85 and fixed in 5.10.88 + Issue introduced in 5.15.8 and fixed in 5.15.11 + Issue introduced in 4.4.295 and fixed in 5.16 + + +Recomendation +============= +The Linux kernel CVE team recommends that you update to the latest +stable kernel version for this, and many other bugfixes. Individual +changes are not tested alone, but rather are part of a larger kernel +release. Cherry-picking individual commits is not recommended or +supported by the Linux kernel community at all. diff --git a/cve/published/2021/CVE-2021-47181.sha1 b/cve/published/2021/CVE-2021-47181.sha1 new file mode 100644 index 00000000..3e72bd36 --- /dev/null +++ b/cve/published/2021/CVE-2021-47181.sha1 @@ -0,0 +1 @@ +f08adf5add9a071160c68bb2a61d697f39ab0758 |