SB2024060821 - Buffer overflow in Linux kernel hw qib driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Buffer overflow (CVE-ID: CVE-2021-47485)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the qib_user_sdma_num_pages(), qib_user_sdma_free_pkt_frag(), qib_user_sdma_pin_pkt() and qib_user_sdma_queue_pkts() functions in drivers/infiniband/hw/qib/qib_user_sdma.c. A local user can escalate privileges on the system.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/bda41654b6e0c125a624ca35d6d20beb8015b5d0
• https://git.kernel.org/stable/c/3f57c3f67fd93b4da86aeffea1ca32c484d054ad
• https://git.kernel.org/stable/c/60833707b968d5ae02a75edb7886dcd4a957cf0d
• https://git.kernel.org/stable/c/73d2892148aa4397a885b4f4afcfc5b27a325c42
• https://git.kernel.org/stable/c/0f8cdfff06829a0b0348b6debc29ff6a61967724
• https://git.kernel.org/stable/c/c3e17e58f571f34c51aeb17274ed02c2ed5cf780
• https://git.kernel.org/stable/c/0d4395477741608d123dad51def9fe50b7ebe952
• https://git.kernel.org/stable/c/d39bf40e55e666b5905fdbd46a0dced030ce87be
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.255
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.216
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.292
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.290
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.77
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.16
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.157