{
    "dataType": "CVE_RECORD",
    "dataVersion": "5.1",
    "cveMetadata": {
        "cveId": "CVE-2021-47274",
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "state": "PUBLISHED",
        "assignerShortName": "Linux",
        "dateReserved": "2024-05-21T13:27:52.127Z",
        "datePublished": "2024-05-21T14:20:02.694Z",
        "dateUpdated": "2024-08-04T05:32:07.995Z"
    },
    "containers": {
        "cna": {
            "providerMetadata": {
                "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
                "shortName": "Linux",
                "dateUpdated": "2024-05-29T05:05:05.763Z"
            },
            "descriptions": [
                {
                    "lang": "en",
                    "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Correct the length check which causes memory corruption\n\nWe've suffered from severe kernel crashes due to memory corruption on\nour production environment, like,\n\nCall Trace:\n[1640542.554277] general protection fault: 0000 [#1] SMP PTI\n[1640542.554856] CPU: 17 PID: 26996 Comm: python Kdump: loaded Tainted:G\n[1640542.556629] RIP: 0010:kmem_cache_alloc+0x90/0x190\n[1640542.559074] RSP: 0018:ffffb16faa597df8 EFLAGS: 00010286\n[1640542.559587] RAX: 0000000000000000 RBX: 0000000000400200 RCX:\n0000000006e931bf\n[1640542.560323] RDX: 0000000006e931be RSI: 0000000000400200 RDI:\nffff9a45ff004300\n[1640542.560996] RBP: 0000000000400200 R08: 0000000000023420 R09:\n0000000000000000\n[1640542.561670] R10: 0000000000000000 R11: 0000000000000000 R12:\nffffffff9a20608d\n[1640542.562366] R13: ffff9a45ff004300 R14: ffff9a45ff004300 R15:\n696c662f65636976\n[1640542.563128] FS:  00007f45d7c6f740(0000) GS:ffff9a45ff840000(0000)\nknlGS:0000000000000000\n[1640542.563937] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[1640542.564557] CR2: 00007f45d71311a0 CR3: 000000189d63e004 CR4:\n00000000003606e0\n[1640542.565279] DR0: 0000000000000000 DR1: 0000000000000000 DR2:\n0000000000000000\n[1640542.566069] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:\n0000000000000400\n[1640542.566742] Call Trace:\n[1640542.567009]  anon_vma_clone+0x5d/0x170\n[1640542.567417]  __split_vma+0x91/0x1a0\n[1640542.567777]  do_munmap+0x2c6/0x320\n[1640542.568128]  vm_munmap+0x54/0x70\n[1640542.569990]  __x64_sys_munmap+0x22/0x30\n[1640542.572005]  do_syscall_64+0x5b/0x1b0\n[1640542.573724]  entry_SYSCALL_64_after_hwframe+0x44/0xa9\n[1640542.575642] RIP: 0033:0x7f45d6e61e27\n\nJames Wang has reproduced it stably on the latest 4.19 LTS.\nAfter some debugging, we finally proved that it's due to ftrace\nbuffer out-of-bound access using a debug tool as follows:\n[   86.775200] BUG: Out-of-bounds write at addr 0xffff88aefe8b7000\n[   86.780806]  no_context+0xdf/0x3c0\n[   86.784327]  __do_page_fault+0x252/0x470\n[   86.788367]  do_page_fault+0x32/0x140\n[   86.792145]  page_fault+0x1e/0x30\n[   86.795576]  strncpy_from_unsafe+0x66/0xb0\n[   86.799789]  fetch_memory_string+0x25/0x40\n[   86.804002]  fetch_deref_string+0x51/0x60\n[   86.808134]  kprobe_trace_func+0x32d/0x3a0\n[   86.812347]  kprobe_dispatcher+0x45/0x50\n[   86.816385]  kprobe_ftrace_handler+0x90/0xf0\n[   86.820779]  ftrace_ops_assist_func+0xa1/0x140\n[   86.825340]  0xffffffffc00750bf\n[   86.828603]  do_sys_open+0x5/0x1f0\n[   86.832124]  do_syscall_64+0x5b/0x1b0\n[   86.835900]  entry_SYSCALL_64_after_hwframe+0x44/0xa9\n\ncommit b220c049d519 (\"tracing: Check length before giving out\nthe filter buffer\") adds length check to protect trace data\noverflow introduced in 0fc1b09ff1ff, seems that this fix can't prevent\noverflow entirely, the length check should also take the sizeof\nentry->array[0] into account, since this array[0] is filled the\nlength of trace data and occupy addtional space and risk overflow."
                }
            ],
            "affected": [
                {
                    "product": "Linux",
                    "vendor": "Linux",
                    "defaultStatus": "unaffected",
                    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                    "programFiles": [
                        "kernel/trace/trace.c"
                    ],
                    "versions": [
                        {
                            "version": "2e584b1a02ee",
                            "lessThan": "edcce01e0e50",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "e46d43375442",
                            "lessThan": "2d5989027998",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "0572fc6a510a",
                            "lessThan": "31ceae385556",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "a0997a86f5c0",
                            "lessThan": "d63f00ec908b",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "7c93d8cff582",
                            "lessThan": "43c32c22254b",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "b220c049d519",
                            "lessThan": "b16a249eca22",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "b220c049d519",
                            "lessThan": "3e08a9f9760f",
                            "status": "affected",
                            "versionType": "git"
                        }
                    ]
                },
                {
                    "product": "Linux",
                    "vendor": "Linux",
                    "defaultStatus": "affected",
                    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                    "programFiles": [
                        "kernel/trace/trace.c"
                    ],
                    "versions": [
                        {
                            "version": "5.11",
                            "status": "affected"
                        },
                        {
                            "version": "0",
                            "lessThan": "5.11",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "4.9.273",
                            "lessThanOrEqual": "4.9.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "4.14.237",
                            "lessThanOrEqual": "4.14.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "4.19.195",
                            "lessThanOrEqual": "4.19.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "5.4.126",
                            "lessThanOrEqual": "5.4.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "5.10.44",
                            "lessThanOrEqual": "5.10.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "5.12.11",
                            "lessThanOrEqual": "5.12.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "5.13",
                            "lessThanOrEqual": "*",
                            "status": "unaffected",
                            "versionType": "original_commit_for_fix"
                        }
                    ]
                }
            ],
            "references": [
                {
                    "url": "https://git.kernel.org/stable/c/edcce01e0e50840a9aa6a70baed21477bdd2c9f9"
                },
                {
                    "url": "https://git.kernel.org/stable/c/2d598902799886d67947406f26ee8e5fd2ca097f"
                },
                {
                    "url": "https://git.kernel.org/stable/c/31ceae385556c37e4d286cb6378696448f566883"
                },
                {
                    "url": "https://git.kernel.org/stable/c/d63f00ec908b3be635ead5d6029cc94246e1f38d"
                },
                {
                    "url": "https://git.kernel.org/stable/c/43c32c22254b9328d7abb1c2b0f689dc67838e60"
                },
                {
                    "url": "https://git.kernel.org/stable/c/b16a249eca2230c2cd66fa1d4b94743bd9b6ef92"
                },
                {
                    "url": "https://git.kernel.org/stable/c/3e08a9f9760f4a70d633c328a76408e62d6f80a3"
                }
            ],
            "title": "tracing: Correct the length check which causes memory corruption",
            "x_generator": {
                "engine": "bippy-a5840b7849dd"
            }
        },
        "adp": [
            {
                "problemTypes": [
                    {
                        "descriptions": [
                            {
                                "type": "CWE",
                                "cweId": "CWE-125",
                                "lang": "en",
                                "description": "CWE-125 Out-of-bounds Read"
                            }
                        ]
                    }
                ],
                "affected": [
                    {
                        "vendor": "linux",
                        "product": "linux_kernel",
                        "cpes": [
                            "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
                        ],
                        "defaultStatus": "unknown",
                        "versions": [
                            {
                                "version": "2e584b1a02ee",
                                "status": "affected",
                                "lessThan": "edcce01e0e50",
                                "versionType": "custom"
                            }
                        ]
                    },
                    {
                        "vendor": "linux",
                        "product": "linux_kernel",
                        "cpes": [
                            "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
                        ],
                        "defaultStatus": "unknown",
                        "versions": [
                            {
                                "version": "e46d43375442",
                                "status": "affected",
                                "lessThan": "2d5989027998",
                                "versionType": "custom"
                            }
                        ]
                    },
                    {
                        "vendor": "linux",
                        "product": "linux_kernel",
                        "cpes": [
                            "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
                        ],
                        "defaultStatus": "unknown",
                        "versions": [
                            {
                                "version": "0572fc6a510a",
                                "status": "affected",
                                "lessThan": "31ceae385556",
                                "versionType": "custom"
                            }
                        ]
                    },
                    {
                        "vendor": "linux",
                        "product": "linux_kernel",
                        "cpes": [
                            "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
                        ],
                        "defaultStatus": "unknown",
                        "versions": [
                            {
                                "version": "a0997a86f5c0",
                                "status": "affected",
                                "lessThan": "d63f00ec908b",
                                "versionType": "custom"
                            }
                        ]
                    },
                    {
                        "vendor": "linux",
                        "product": "linux_kernel",
                        "cpes": [
                            "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
                        ],
                        "defaultStatus": "unknown",
                        "versions": [
                            {
                                "version": "7c93d8cff582",
                                "status": "affected",
                                "lessThan": "43c32c22254b",
                                "versionType": "custom"
                            }
                        ]
                    },
                    {
                        "vendor": "linux",
                        "product": "linux_kernel",
                        "cpes": [
                            "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
                        ],
                        "defaultStatus": "unknown",
                        "versions": [
                            {
                                "version": "b220c049d519",
                                "status": "affected",
                                "lessThan": "b16a249eca22",
                                "versionType": "custom"
                            }
                        ]
                    },
                    {
                        "vendor": "linux",
                        "product": "linux_kernel",
                        "cpes": [
                            "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
                        ],
                        "defaultStatus": "unknown",
                        "versions": [
                            {
                                "version": "b220c049d519",
                                "status": "affected",
                                "lessThan": "3e08a9f9760f",
                                "versionType": "custom"
                            }
                        ]
                    },
                    {
                        "vendor": "linux",
                        "product": "linux_kernel",
                        "cpes": [
                            "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
                        ],
                        "defaultStatus": "unknown",
                        "versions": [
                            {
                                "version": "5.11",
                                "status": "affected"
                            }
                        ]
                    },
                    {
                        "vendor": "linux",
                        "product": "linux_kernel",
                        "cpes": [
                            "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
                        ],
                        "defaultStatus": "unknown",
                        "versions": [
                            {
                                "version": "0",
                                "status": "unaffected",
                                "lessThan": "5.11",
                                "versionType": "custom"
                            }
                        ]
                    },
                    {
                        "vendor": "linux",
                        "product": "linux_kernel",
                        "cpes": [
                            "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
                        ],
                        "defaultStatus": "unknown",
                        "versions": [
                            {
                                "version": "4.9.273",
                                "status": "unaffected",
                                "lessThanOrEqual": "5.0",
                                "versionType": "custom"
                            }
                        ]
                    },
                    {
                        "vendor": "linux",
                        "product": "linux_kernel",
                        "cpes": [
                            "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
                        ],
                        "defaultStatus": "unknown",
                        "versions": [
                            {
                                "version": "4.14.237",
                                "status": "unaffected",
                                "lessThanOrEqual": "4.15",
                                "versionType": "custom"
                            }
                        ]
                    },
                    {
                        "vendor": "linux",
                        "product": "linux_kernel",
                        "cpes": [
                            "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
                        ],
                        "defaultStatus": "unknown",
                        "versions": [
                            {
                                "version": "4.19.195",
                                "status": "unaffected",
                                "lessThanOrEqual": "4.20",
                                "versionType": "custom"
                            }
                        ]
                    },
                    {
                        "vendor": "linux",
                        "product": "linux_kernel",
                        "cpes": [
                            "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
                        ],
                        "defaultStatus": "unknown",
                        "versions": [
                            {
                                "version": "5.4.126",
                                "status": "unaffected",
                                "lessThanOrEqual": "5.5",
                                "versionType": "custom"
                            }
                        ]
                    },
                    {
                        "vendor": "linux",
                        "product": "linux_kernel",
                        "cpes": [
                            "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
                        ],
                        "defaultStatus": "unknown",
                        "versions": [
                            {
                                "version": "5.10.44",
                                "status": "unaffected",
                                "lessThanOrEqual": "5.11",
                                "versionType": "custom"
                            }
                        ]
                    },
                    {
                        "vendor": "linux",
                        "product": "linux_kernel",
                        "cpes": [
                            "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
                        ],
                        "defaultStatus": "unknown",
                        "versions": [
                            {
                                "version": "5.12.11",
                                "status": "unaffected",
                                "lessThanOrEqual": "5.13",
                                "versionType": "custom"
                            }
                        ]
                    },
                    {
                        "vendor": "linux",
                        "product": "linux_kernel",
                        "cpes": [
                            "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
                        ],
                        "defaultStatus": "unknown",
                        "versions": [
                            {
                                "version": "5.13",
                                "status": "unaffected"
                            }
                        ]
                    }
                ],
                "metrics": [
                    {
                        "cvssV3_1": {
                            "scope": "UNCHANGED",
                            "version": "3.1",
                            "baseScore": 9.8,
                            "attackVector": "NETWORK",
                            "baseSeverity": "CRITICAL",
                            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                            "integrityImpact": "HIGH",
                            "userInteraction": "NONE",
                            "attackComplexity": "LOW",
                            "availabilityImpact": "HIGH",
                            "privilegesRequired": "NONE",
                            "confidentialityImpact": "HIGH"
                        }
                    },
                    {
                        "other": {
                            "type": "ssvc",
                            "content": {
                                "timestamp": "2024-06-06T18:18:56.660554Z",
                                "id": "CVE-2021-47274",
                                "options": [
                                    {
                                        "Exploitation": "none"
                                    },
                                    {
                                        "Automatable": "yes"
                                    },
                                    {
                                        "Technical Impact": "total"
                                    }
                                ],
                                "role": "CISA Coordinator",
                                "version": "2.0.3"
                            }
                        }
                    }
                ],
                "title": "CISA ADP Vulnrichment",
                "providerMetadata": {
                    "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                    "shortName": "CISA-ADP",
                    "dateUpdated": "2024-06-06T18:44:15.427Z"
                }
            },
            {
                "providerMetadata": {
                    "orgId": "af854a3a-2127-422b-91ae-364da2661108",
                    "shortName": "CVE",
                    "dateUpdated": "2024-08-04T05:32:07.995Z"
                },
                "title": "CVE Program Container",
                "references": [
                    {
                        "url": "https://git.kernel.org/stable/c/edcce01e0e50840a9aa6a70baed21477bdd2c9f9",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://git.kernel.org/stable/c/2d598902799886d67947406f26ee8e5fd2ca097f",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://git.kernel.org/stable/c/31ceae385556c37e4d286cb6378696448f566883",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://git.kernel.org/stable/c/d63f00ec908b3be635ead5d6029cc94246e1f38d",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://git.kernel.org/stable/c/43c32c22254b9328d7abb1c2b0f689dc67838e60",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://git.kernel.org/stable/c/b16a249eca2230c2cd66fa1d4b94743bd9b6ef92",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://git.kernel.org/stable/c/3e08a9f9760f4a70d633c328a76408e62d6f80a3",
                        "tags": [
                            "x_transferred"
                        ]
                    }
                ]
            }
        ]
    }
}