We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2021-4439

isdn: cpai: check ctr->cnr to avoid array index out of bound



Description

In the Linux kernel, the following vulnerability has been resolved: isdn: cpai: check ctr->cnr to avoid array index out of bound The cmtp_add_connection() would add a cmtp session to a controller and run a kernel thread to process cmtp. __module_get(THIS_MODULE); session->task = kthread_run(cmtp_session, session, "kcmtpd_ctr_%d", session->num); During this process, the kernel thread would call detach_capi_ctr() to detach a register controller. if the controller was not attached yet, detach_capi_ctr() would trigger an array-index-out-bounds bug. [ 46.866069][ T6479] UBSAN: array-index-out-of-bounds in drivers/isdn/capi/kcapi.c:483:21 [ 46.867196][ T6479] index -1 is out of range for type 'capi_ctr *[32]' [ 46.867982][ T6479] CPU: 1 PID: 6479 Comm: kcmtpd_ctr_0 Not tainted 5.15.0-rc2+ #8 [ 46.869002][ T6479] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014 [ 46.870107][ T6479] Call Trace: [ 46.870473][ T6479] dump_stack_lvl+0x57/0x7d [ 46.870974][ T6479] ubsan_epilogue+0x5/0x40 [ 46.871458][ T6479] __ubsan_handle_out_of_bounds.cold+0x43/0x48 [ 46.872135][ T6479] detach_capi_ctr+0x64/0xc0 [ 46.872639][ T6479] cmtp_session+0x5c8/0x5d0 [ 46.873131][ T6479] ? __init_waitqueue_head+0x60/0x60 [ 46.873712][ T6479] ? cmtp_add_msgpart+0x120/0x120 [ 46.874256][ T6479] kthread+0x147/0x170 [ 46.874709][ T6479] ? set_kthread_struct+0x40/0x40 [ 46.875248][ T6479] ret_from_fork+0x1f/0x30 [ 46.875773][ T6479]

Reserved 2024-06-20 | Published 2024-06-20 | Updated 2024-12-19 | Assigner Linux

Product status

Default status
unaffected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before e8b8de17e164c9f1b7777f1c6f99d05539000036
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 24219a977bfe3d658687e45615c70998acdbac5a
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 9b6b2db77bc3121fe435f1d4b56e34de443bec75
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 7d91adc0ccb060ce564103315189466eb822cc6a
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 285e9210b1fab96a11c0be3ed5cea9dd48b6ac54
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 7f221ccbee4ec662e2292d490a43ce6c314c4594
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before cc20226e218a2375d50dd9ac14fb4121b43375ff
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 1f3e2e97c003f80c4b087092b225c8787ff91e4d
affected

Default status
affected

4.4.290
unaffected

4.9.288
unaffected

4.14.253
unaffected

4.19.214
unaffected

5.4.156
unaffected

5.10.76
unaffected

5.14.15
unaffected

5.15
unaffected

References

git.kernel.org/...c/e8b8de17e164c9f1b7777f1c6f99d05539000036

git.kernel.org/...c/24219a977bfe3d658687e45615c70998acdbac5a

git.kernel.org/...c/9b6b2db77bc3121fe435f1d4b56e34de443bec75

git.kernel.org/...c/7d91adc0ccb060ce564103315189466eb822cc6a

git.kernel.org/...c/285e9210b1fab96a11c0be3ed5cea9dd48b6ac54

git.kernel.org/...c/7f221ccbee4ec662e2292d490a43ce6c314c4594

git.kernel.org/...c/cc20226e218a2375d50dd9ac14fb4121b43375ff

git.kernel.org/...c/1f3e2e97c003f80c4b087092b225c8787ff91e4d

cve.org (CVE-2021-4439)

nvd.nist.gov (CVE-2021-4439)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2021-4439

Support options

Helpdesk Chat, Email, Knowledgebase
Subscribe to our newsletter to learn more about our work.