摘要:
In the Linux kernel, the following vulnerability has been resolved:
udmabuf: validate ubuf->pagecount
Syzbot has reported GPF in sg_alloc_append_table_from_pages(). The
problem was in ubuf->pages == ZERO_PTR.
ubuf->pagecount is calculated from arguments passed from user-space. If
user creates udmabuf with list.size == 0 then ubuf->pagecount will be
also equal to zero; it causes kmalloc_array() to return ZERO_PTR.
Fix it by validating ubuf->pagecount before passing it to
kmalloc_array().
安全等级: Low
公告ID: KylinSec-SA-2025-1192
发布日期: 2025年3月3日
关联CVE: CVE-2021-47649
In the Linux kernel, the following vulnerability has been resolved:
udmabuf: validate ubuf->pagecount
Syzbot has reported GPF in sg_alloc_append_table_from_pages(). The
problem was in ubuf->pages == ZERO_PTR.
ubuf->pagecount is calculated from arguments passed from user-space. If
user creates udmabuf with list.size == 0 then ubuf->pagecount will be
also equal to zero; it causes kmalloc_array() to return ZERO_PTR.
Fix it by validating ubuf->pagecount before passing it to
kmalloc_array().
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2021-47649 | KY3.4-5 | kernel | Unaffected |
| CVE-2021-47649 | V6 | kernel | Unaffected |
