Hi Greg,
09.12.2024 20:03, Vasiliy Kovalev wrote:
The patch titled "scsi: core: Fix scsi_mode_sense() buffer length handling"
addresses CVE-2021-47182, fixing the following issues in `scsi_mode_sense()`
buffer length handling:
1. Incorrect handling of the allocation length field in the MODE SENSE(10)
command, causing truncation of buffer lengths larger than 255 bytes.
2. Memory corruption when handling small buffer lengths due to lack of proper
validation.
CVE announcement in linux-cve-announce:
https://lore.kernel.org/linux-cve-announce/2024041032-CVE-2021-47182-377e@gregkh/
Fixed versions:
- Fixed in 5.15.5 with commit e15de347faf4
- Fixed in 5.16 with commit 17b49bcbf835
Official CVE entry:
https://cve.org/CVERecord/?id=CVE-2021-47182
---
v2: To ensure consistency and completeness of the fixes, this backport
includes all 3 patches from the series [1].
In addition to the first patch that addresses the CVE, the second and
third patches are included, which prevent further regressions and align
with the fixes already backported and proposed for backporting [2] to
the stable 5.15 kernel.
[1] https://lore.kernel.org/all/20210820070255.682775-1-damien.lemoal@xxxxxxx/
[2] https://lore.kernel.org/all/20241209165340.112862-1-kovalev@xxxxxxxxxxxx/
[PATCH 5.10.y 1/3] scsi: core: Fix scsi_mode_sense() buffer length handling
Please add this [1] missing commit from this series to queue 5.10.y.
[1]
https://lore.kernel.org/all/20241209170330.113179-2-kovalev@xxxxxxxxxxxx/
The other two have already been added in 5.10.231:
[PATCH 5.10.y 2/3] scsi: core: Fix scsi_mode_select() buffer length handling
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y&id=154cf95664de63382a397205ea6254ed5b769ec2
[PATCH 5.10.y 3/3] scsi: sd: Fix sd_do_mode_sense() buffer length handling
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y&id=a0777b45095f5ec3c220f074cfc9cc9721a455b0
--
Thanks,
Vasiliy
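
The allocation-length truncation named in item 1 of the quoted description, and a length check of the kind item 2 says was missing, shown as an added example (not code from the patch series or the kernel). The function names are hypothetical, and rejecting lengths shorter than the 8-byte MODE SENSE(10) header is an assumption about what a reasonable check looks like.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MODE_SENSE_10   0x5a  /* SCSI opcode */
#define MS10_CDB_LEN    10
#define MS10_HEADER_LEN 8     /* mode parameter header(10) is 8 bytes */

/* Truncating form: only the low byte of the allocation length is written. */
static void ms10_cdb_truncating(uint8_t *cdb, int page, size_t len)
{
    memset(cdb, 0, MS10_CDB_LEN);
    cdb[0] = MODE_SENSE_10;
    cdb[2] = page & 0x3f;          /* page code, bits 5..0 */
    cdb[8] = (uint8_t)len;         /* bits 15..8 of len are lost */
}

/* Checked form (assumed policy): reject lengths that cannot hold the header
 * or do not fit in 16 bits, then store the length big-endian in bytes 7..8. */
static int ms10_cdb_checked(uint8_t *cdb, int page, size_t len)
{
    if (len < MS10_HEADER_LEN || len > 0xffff)
        return -1;
    memset(cdb, 0, MS10_CDB_LEN);
    cdb[0] = MODE_SENSE_10;
    cdb[2] = page & 0x3f;
    cdb[7] = (uint8_t)(len >> 8);
    cdb[8] = (uint8_t)(len & 0xff);
    return 0;
}

/* Allocation length as the target would decode it from the CDB. */
static size_t ms10_alloc_len(const uint8_t *cdb)
{
    return ((size_t)cdb[7] << 8) | cdb[8];
}

int main(void)
{
    uint8_t cdb[MS10_CDB_LEN];
    size_t want = 512;             /* constructed sample buffer size */

    ms10_cdb_truncating(cdb, 0x08, want);
    printf("truncating: asked %zu, CDB says %zu\n", want, ms10_alloc_len(cdb));
    if (ms10_cdb_checked(cdb, 0x08, want) == 0)
        printf("checked:    asked %zu, CDB says %zu\n", want, ms10_alloc_len(cdb));
    printf("checked, len 4: %d\n", ms10_cdb_checked(cdb, 0x08, 4));
    return 0;
}
```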