{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2021-47576", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-24T15:11:00.730Z", "datePublished": "2024-06-19T14:53:44.725Z", "dateUpdated": "2026-05-11T13:57:14.281Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T13:57:14.281Z" }, "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: scsi_debug: Sanity check block descriptor length in resp_mode_select()\n\nIn resp_mode_select() sanity check the block descriptor len to avoid UAF.\n\nBUG: KASAN: use-after-free in resp_mode_select+0xa4c/0xb40 drivers/scsi/scsi_debug.c:2509\nRead of size 1 at addr ffff888026670f50 by task scsicmd/15032\n\nCPU: 1 PID: 15032 Comm: scsicmd Not tainted 5.15.0-01d0625 #15\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\nCall Trace:\n \n dump_stack_lvl+0x89/0xb5 lib/dump_stack.c:107\n print_address_description.constprop.9+0x28/0x160 mm/kasan/report.c:257\n kasan_report.cold.14+0x7d/0x117 mm/kasan/report.c:443\n __asan_report_load1_noabort+0x14/0x20 mm/kasan/report_generic.c:306\n resp_mode_select+0xa4c/0xb40 drivers/scsi/scsi_debug.c:2509\n schedule_resp+0x4af/0x1a10 drivers/scsi/scsi_debug.c:5483\n scsi_debug_queuecommand+0x8c9/0x1e70 drivers/scsi/scsi_debug.c:7537\n scsi_queue_rq+0x16b4/0x2d10 drivers/scsi/scsi_lib.c:1521\n blk_mq_dispatch_rq_list+0xb9b/0x2700 block/blk-mq.c:1640\n __blk_mq_sched_dispatch_requests+0x28f/0x590 block/blk-mq-sched.c:325\n blk_mq_sched_dispatch_requests+0x105/0x190 block/blk-mq-sched.c:358\n __blk_mq_run_hw_queue+0xe5/0x150 block/blk-mq.c:1762\n __blk_mq_delay_run_hw_queue+0x4f8/0x5c0 block/blk-mq.c:1839\n blk_mq_run_hw_queue+0x18d/0x350 block/blk-mq.c:1891\n blk_mq_sched_insert_request+0x3db/0x4e0 block/blk-mq-sched.c:474\n blk_execute_rq_nowait+0x16b/0x1c0 block/blk-exec.c:63\n sg_common_write.isra.18+0xeb3/0x2000 drivers/scsi/sg.c:837\n sg_new_write.isra.19+0x570/0x8c0 drivers/scsi/sg.c:775\n sg_ioctl_common+0x14d6/0x2710 drivers/scsi/sg.c:941\n sg_ioctl+0xa2/0x180 drivers/scsi/sg.c:1166\n __x64_sys_ioctl+0x19d/0x220 fs/ioctl.c:52\n do_syscall_64+0x3a/0x80 arch/x86/entry/common.c:50\n entry_SYSCALL_64_after_hwframe+0x44/0xae arch/x86/entry/entry_64.S:113" } ], "affected": [ { "product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": [ "drivers/scsi/scsi_debug.c" ], "versions": [ { "version": "231839102b54512ced7d3ee7fc9b8bcf5e3b583b", "lessThan": "adcecd50da6cab7b4957cba0606771dcc846c5a9", "status": "affected", "versionType": "git" }, { "version": "231839102b54512ced7d3ee7fc9b8bcf5e3b583b", "lessThan": "90491283b4064220682e4b0687d07b05df01e3bf", "status": "affected", "versionType": "git" }, { "version": "231839102b54512ced7d3ee7fc9b8bcf5e3b583b", "lessThan": "04181973c38f3d6a353f9246dcf7fee08024fd9e", "status": "affected", "versionType": "git" }, { "version": "231839102b54512ced7d3ee7fc9b8bcf5e3b583b", "lessThan": "b847ecff850719c46c95acd25a0d555dfd16e10d", "status": "affected", "versionType": "git" }, { "version": "231839102b54512ced7d3ee7fc9b8bcf5e3b583b", "lessThan": "a9078e791426c2cbbdf28a320c3670f6e0a611e6", "status": "affected", "versionType": "git" }, { "version": "231839102b54512ced7d3ee7fc9b8bcf5e3b583b", "lessThan": "dfc3fff63793c571147930b13c0f8c689c4281ac", "status": "affected", "versionType": "git" }, { "version": "231839102b54512ced7d3ee7fc9b8bcf5e3b583b", "lessThan": "e0a2c28da11e2c2b963fc01d50acbf03045ac732", "status": "affected", "versionType": "git" } ] }, { "product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": [ "drivers/scsi/scsi_debug.c" ], "versions": [ { "version": "2.6.19", "status": "affected" }, { "version": "0", "lessThan": "2.6.19", "status": "unaffected", "versionType": "semver" }, { "version": "4.9.294", "lessThanOrEqual": "4.9.*", "status": "unaffected", "versionType": "semver" }, { "version": "4.14.259", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "semver" }, { "version": "4.19.222", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver" }, { "version": "5.4.168", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver" }, { "version": "5.10.88", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver" }, { "version": "5.15.11", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver" }, { "version": "5.16", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix" } ] } ], "cpeApplicability": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.19", "versionEndExcluding": "4.9.294" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.19", "versionEndExcluding": "4.14.259" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.19", "versionEndExcluding": "4.19.222" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.19", "versionEndExcluding": "5.4.168" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.19", "versionEndExcluding": "5.10.88" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.19", "versionEndExcluding": "5.15.11" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.19", "versionEndExcluding": "5.16" } ] } ] } ], "references": [ { "url": "https://git.kernel.org/stable/c/adcecd50da6cab7b4957cba0606771dcc846c5a9" }, { "url": "https://git.kernel.org/stable/c/90491283b4064220682e4b0687d07b05df01e3bf" }, { "url": "https://git.kernel.org/stable/c/04181973c38f3d6a353f9246dcf7fee08024fd9e" }, { "url": "https://git.kernel.org/stable/c/b847ecff850719c46c95acd25a0d555dfd16e10d" }, { "url": "https://git.kernel.org/stable/c/a9078e791426c2cbbdf28a320c3670f6e0a611e6" }, { "url": "https://git.kernel.org/stable/c/dfc3fff63793c571147930b13c0f8c689c4281ac" }, { "url": "https://git.kernel.org/stable/c/e0a2c28da11e2c2b963fc01d50acbf03045ac732" } ], "title": "scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select()", "x_generator": { "engine": "bippy-1.2.0" } }, "adp": [ { "providerMetadata": { "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:39:59.644Z" }, "title": "CVE Program Container", "references": [ { "url": "https://git.kernel.org/stable/c/adcecd50da6cab7b4957cba0606771dcc846c5a9", "tags": [ "x_transferred" ] }, { "url": "https://git.kernel.org/stable/c/90491283b4064220682e4b0687d07b05df01e3bf", "tags": [ "x_transferred" ] }, { "url": "https://git.kernel.org/stable/c/04181973c38f3d6a353f9246dcf7fee08024fd9e", "tags": [ "x_transferred" ] }, { "url": "https://git.kernel.org/stable/c/b847ecff850719c46c95acd25a0d555dfd16e10d", "tags": [ "x_transferred" ] }, { "url": "https://git.kernel.org/stable/c/a9078e791426c2cbbdf28a320c3670f6e0a611e6", "tags": [ "x_transferred" ] }, { "url": "https://git.kernel.org/stable/c/dfc3fff63793c571147930b13c0f8c689c4281ac", "tags": [ "x_transferred" ] }, { "url": "https://git.kernel.org/stable/c/e0a2c28da11e2c2b963fc01d50acbf03045ac732", "tags": [ "x_transferred" ] } ] }, { "metrics": [ { "other": { "type": "ssvc", "content": { "id": "CVE-2021-47576", "role": "CISA Coordinator", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "version": "2.0.3", "timestamp": "2024-09-10T17:12:55.832156Z" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:53.167Z" } } ] } }