{ "containers": { "cna": { "providerMetadata": { "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" }, "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: fix a crash if ->get_sset_count() fails\n\nIf ds->ops->get_sset_count() fails then it \"count\" is a negative error\ncode such as -EOPNOTSUPP. Because \"i\" is an unsigned int, the negative\nerror code is type promoted to a very high value and the loop will\ncorrupt memory until the system crashes.\n\nFix this by checking for error codes and changing the type of \"i\" to\njust int." } ], "affected": [ { "product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": [ "net/dsa/master.c" ], "versions": [ { "version": "badf3ada60ab", "lessThan": "0f2cb08c57ed", "status": "affected", "versionType": "git" }, { "version": "badf3ada60ab", "lessThan": "ce5355f140a7", "status": "affected", "versionType": "git" }, { "version": "badf3ada60ab", "lessThan": "caff86f85512", "status": "affected", "versionType": "git" }, { "version": "badf3ada60ab", "lessThan": "7b22466648a4", "status": "affected", "versionType": "git" }, { "version": "badf3ada60ab", "lessThan": "a269333fa5c0", "status": "affected", "versionType": "git" } ] }, { "product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": [ "net/dsa/master.c" ], "versions": [ { "version": "4.7", "status": "affected" }, { "version": "0", "lessThan": "4.7", "status": "unaffected", "versionType": "custom" }, { "version": "4.19.193", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "custom" }, { "version": "5.4.124", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "custom" }, { "version": "5.10.42", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom" }, { "version": "5.12.9", "lessThanOrEqual": "5.12.*", "status": "unaffected", "versionType": "custom" }, { "version": "5.13", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix" } ] } ], "references": [ { "url": "https://git.kernel.org/stable/c/0f2cb08c57edefb0e7b5045e0e3e9980a3d3aa37" }, { "url": "https://git.kernel.org/stable/c/ce5355f140a7987011388c7e30c4f8fbe180d3e8" }, { "url": "https://git.kernel.org/stable/c/caff86f85512b8e0d9830e8b8b0dfe13c68ce5b6" }, { "url": "https://git.kernel.org/stable/c/7b22466648a4f8e3e94f57ca428d1531866d1373" }, { "url": "https://git.kernel.org/stable/c/a269333fa5c0c8e53c92b5a28a6076a28cde3e83" } ], "title": "net: dsa: fix a crash if ->get_sset_count() fails", "x_generator": { "engine": "bippy-a5840b7849dd" } } }, "cveMetadata": { "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", "cveID": "CVE-2021-47159", "requesterUserId": "gregkh@kernel.org", "serial": "1", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.0" }