NVD Vulnerability Detail

CVE-2021-3491

Summary	The io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT limit to be bypassed in the PROVIDE_BUFFERS operation, which led to negative values being usedin mem_rw when reading /proc/<PID>/mem. This could be used to create a heap overflow leading to arbitrary code execution in the kernel. It was addressed via commit d1f82808877b ("io_uring: truncate lengths larger than MAX_RW_COUNT on provide buffers") (v5.13-rc1) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced in ddf0322db79c ("io_uring: add IORING_OP_PROVIDE_BUFFERS") (v5.7-rc1).
Publication Date	June 4, 2021, 11:15 a.m.
Registration Date	June 4, 2021, 4 p.m.
Last Update	Nov. 21, 2024, 3:21 p.m.

Affected software configurations

Configuration2	or higher	or less	more than	less than
cpe:2.3:o:canonical:ubuntu_linux:20.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:20.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:21.04:::::::*

Related information, measures and tools

No	URL	タグ
1	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d1f82808877bb10d3deee7cf3374a4eb3fb582db	Patch Vendor Advisory
2	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d1f82808877bb10d3deee7cf3374a4eb3fb582db	Patch Vendor Advisory
3	https://security.netapp.com/advisory/ntap-20210716-0004/	Third Party Advisory
4	https://security.netapp.com/advisory/ntap-20210716-0004/	Third Party Advisory
5	https://ubuntu.com/security/notices/USN-4949-1	Third Party Advisory
6	https://ubuntu.com/security/notices/USN-4949-1	Third Party Advisory
7	https://ubuntu.com/security/notices/USN-4950-1	Third Party Advisory
8	https://ubuntu.com/security/notices/USN-4950-1	Third Party Advisory
9	https://www.openwall.com/lists/oss-security/2021/05/11/13	Mailing List Patch Third Party Advisory
10	https://www.openwall.com/lists/oss-security/2021/05/11/13	Mailing List Patch Third Party Advisory
11	https://www.zerodayinitiative.com/advisories/ZDI-21-589/	Third Party Advisory VDB Entry
12	https://www.zerodayinitiative.com/advisories/ZDI-21-589/	Third Party Advisory VDB Entry

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-787	境界外書き込み	https://cwe.mitre.org/data/definitions/787.html

JVN Vulnerability Information

Linux Kernel における境界外書き込みに関する脆弱性

Title	Linux Kernel における境界外書き込みに関する脆弱性
Summary	Linux Kernel には、境界外書き込みに関する脆弱性が存在します。
Possible impacts	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	May 5, 2021, midnight
Registration Date	Aug. 30, 2022, 10:42 a.m.
Last Update	Aug. 30, 2022, 10:42 a.m.

Affected System

Canonical

Ubuntu

Linux

Linux Kernel

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2021-3491	https://www.cve.org/CVERecord?id=CVE-2021-3491
National Vulnerability Database (NVD)
2	CVE-2021-3491	https://nvd.nist.gov/vuln/detail/CVE-2021-3491

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-787	https://cwe.mitre.org/data/definitions/787.html

ベンダー情報

No	Name	URL
Linux Kernel
1	Linux Kernel Archives	http://www.kernel.org
Linux kernel source tree
2	io_uring: truncate lengths larger than MAX_RW_COUNT on provide buffers	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d1f82808877bb10d3deee7cf3374a4eb3fb582db
Ubuntu Security Notice
3	USN-4949-1	https://ubuntu.com/security/notices/USN-4949-1
4	USN-4950-1	https://ubuntu.com/security/notices/USN-4950-1

その他

No	Name	URL
関連文書
1	Hash Suite - Windows password security audit tool. GUI, reports in PDF.	https://www.openwall.com/lists/oss-security/2021/05/11/13

Change Log

No	Changed Details	Date of change
1	[2022年08月09日] 掲載	Aug. 9, 2022, 10:28 a.m.