{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2021-4439", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-06-20T12:07:18.155Z", "datePublished": "2024-06-20T12:07:57.944Z", "dateUpdated": "2026-05-11T13:43:56.841Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T13:43:56.841Z" }, "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nisdn: cpai: check ctr->cnr to avoid array index out of bound\n\nThe cmtp_add_connection() would add a cmtp session to a controller\nand run a kernel thread to process cmtp.\n\n\t__module_get(THIS_MODULE);\n\tsession->task = kthread_run(cmtp_session, session, \"kcmtpd_ctr_%d\",\n\t\t\t\t\t\t\t\tsession->num);\n\nDuring this process, the kernel thread would call detach_capi_ctr()\nto detach a register controller. if the controller\nwas not attached yet, detach_capi_ctr() would\ntrigger an array-index-out-bounds bug.\n\n[ 46.866069][ T6479] UBSAN: array-index-out-of-bounds in\ndrivers/isdn/capi/kcapi.c:483:21\n[ 46.867196][ T6479] index -1 is out of range for type 'capi_ctr *[32]'\n[ 46.867982][ T6479] CPU: 1 PID: 6479 Comm: kcmtpd_ctr_0 Not tainted\n5.15.0-rc2+ #8\n[ 46.869002][ T6479] Hardware name: QEMU Standard PC (i440FX + PIIX,\n1996), BIOS 1.14.0-2 04/01/2014\n[ 46.870107][ T6479] Call Trace:\n[ 46.870473][ T6479] dump_stack_lvl+0x57/0x7d\n[ 46.870974][ T6479] ubsan_epilogue+0x5/0x40\n[ 46.871458][ T6479] __ubsan_handle_out_of_bounds.cold+0x43/0x48\n[ 46.872135][ T6479] detach_capi_ctr+0x64/0xc0\n[ 46.872639][ T6479] cmtp_session+0x5c8/0x5d0\n[ 46.873131][ T6479] ? __init_waitqueue_head+0x60/0x60\n[ 46.873712][ T6479] ? cmtp_add_msgpart+0x120/0x120\n[ 46.874256][ T6479] kthread+0x147/0x170\n[ 46.874709][ T6479] ? set_kthread_struct+0x40/0x40\n[ 46.875248][ T6479] ret_from_fork+0x1f/0x30\n[ 46.875773][ T6479]" } ], "affected": [ { "product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": [ "drivers/isdn/capi/kcapi.c" ], "versions": [ { "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "e8b8de17e164c9f1b7777f1c6f99d05539000036", "status": "affected", "versionType": "git" }, { "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "24219a977bfe3d658687e45615c70998acdbac5a", "status": "affected", "versionType": "git" }, { "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "9b6b2db77bc3121fe435f1d4b56e34de443bec75", "status": "affected", "versionType": "git" }, { "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "7d91adc0ccb060ce564103315189466eb822cc6a", "status": "affected", "versionType": "git" }, { "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "285e9210b1fab96a11c0be3ed5cea9dd48b6ac54", "status": "affected", "versionType": "git" }, { "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "7f221ccbee4ec662e2292d490a43ce6c314c4594", "status": "affected", "versionType": "git" }, { "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "cc20226e218a2375d50dd9ac14fb4121b43375ff", "status": "affected", "versionType": "git" }, { "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "1f3e2e97c003f80c4b087092b225c8787ff91e4d", "status": "affected", "versionType": "git" } ] }, { "product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": [ "drivers/isdn/capi/kcapi.c" ], "versions": [ { "version": "2.6.12", "status": "affected" }, { "version": "0", "lessThan": "2.6.12", "status": "unaffected", "versionType": "semver" }, { "version": "4.4.290", "lessThanOrEqual": "4.4.*", "status": "unaffected", "versionType": "semver" }, { "version": "4.9.288", "lessThanOrEqual": "4.9.*", "status": "unaffected", "versionType": "semver" }, { "version": "4.14.253", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "semver" }, { "version": "4.19.214", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver" }, { "version": "5.4.156", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver" }, { "version": "5.10.76", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver" }, { "version": "5.14.15", "lessThanOrEqual": "5.14.*", "status": "unaffected", "versionType": "semver" }, { "version": "5.15", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix" } ] } ], "cpeApplicability": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.12", "versionEndExcluding": "4.4.290" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.12", "versionEndExcluding": "4.9.288" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.12", "versionEndExcluding": "4.14.253" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.12", "versionEndExcluding": "4.19.214" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.12", "versionEndExcluding": "5.4.156" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.12", "versionEndExcluding": "5.10.76" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.12", "versionEndExcluding": "5.14.15" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.12", "versionEndExcluding": "5.15" } ] } ] } ], "references": [ { "url": "https://git.kernel.org/stable/c/e8b8de17e164c9f1b7777f1c6f99d05539000036" }, { "url": "https://git.kernel.org/stable/c/24219a977bfe3d658687e45615c70998acdbac5a" }, { "url": "https://git.kernel.org/stable/c/9b6b2db77bc3121fe435f1d4b56e34de443bec75" }, { "url": "https://git.kernel.org/stable/c/7d91adc0ccb060ce564103315189466eb822cc6a" }, { "url": "https://git.kernel.org/stable/c/285e9210b1fab96a11c0be3ed5cea9dd48b6ac54" }, { "url": "https://git.kernel.org/stable/c/7f221ccbee4ec662e2292d490a43ce6c314c4594" }, { "url": "https://git.kernel.org/stable/c/cc20226e218a2375d50dd9ac14fb4121b43375ff" }, { "url": "https://git.kernel.org/stable/c/1f3e2e97c003f80c4b087092b225c8787ff91e4d" } ], "title": "isdn: cpai: check ctr->cnr to avoid array index out of bound", "x_generator": { "engine": "bippy-1.2.0" } }, "adp": [ { "metrics": [ { "other": { "type": "ssvc", "content": { "timestamp": "2024-06-20T14:46:11.140255Z", "id": "CVE-2021-4439", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "version": "2.0.3" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-20T14:46:30.065Z" } }, { "providerMetadata": { "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:30:07.335Z" }, "title": "CVE Program Container", "references": [ { "url": "https://git.kernel.org/stable/c/e8b8de17e164c9f1b7777f1c6f99d05539000036", "tags": [ "x_transferred" ] }, { "url": "https://git.kernel.org/stable/c/24219a977bfe3d658687e45615c70998acdbac5a", "tags": [ "x_transferred" ] }, { "url": "https://git.kernel.org/stable/c/9b6b2db77bc3121fe435f1d4b56e34de443bec75", "tags": [ "x_transferred" ] }, { "url": "https://git.kernel.org/stable/c/7d91adc0ccb060ce564103315189466eb822cc6a", "tags": [ "x_transferred" ] }, { "url": "https://git.kernel.org/stable/c/285e9210b1fab96a11c0be3ed5cea9dd48b6ac54", "tags": [ "x_transferred" ] }, { "url": "https://git.kernel.org/stable/c/7f221ccbee4ec662e2292d490a43ce6c314c4594", "tags": [ "x_transferred" ] }, { "url": "https://git.kernel.org/stable/c/cc20226e218a2375d50dd9ac14fb4121b43375ff", "tags": [ "x_transferred" ] }, { "url": "https://git.kernel.org/stable/c/1f3e2e97c003f80c4b087092b225c8787ff91e4d", "tags": [ "x_transferred" ] } ] } ] } }