{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T13:30:45.130","vulnerabilities":[{"cve":{"id":"CVE-2021-4439","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2024-06-20T12:15:10.447","lastModified":"2024-11-21T06:37:44.080","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nisdn: cpai: check ctr->cnr to avoid array index out of bound\n\nThe cmtp_add_connection() would add a cmtp session to a controller\nand run a kernel thread to process cmtp.\n\n\t__module_get(THIS_MODULE);\n\tsession->task = kthread_run(cmtp_session, session, \"kcmtpd_ctr_%d\",\n\t\t\t\t\t\t\t\tsession->num);\n\nDuring this process, the kernel thread would call detach_capi_ctr()\nto detach a register controller. if the controller\nwas not attached yet, detach_capi_ctr() would\ntrigger an array-index-out-bounds bug.\n\n[   46.866069][ T6479] UBSAN: array-index-out-of-bounds in\ndrivers/isdn/capi/kcapi.c:483:21\n[   46.867196][ T6479] index -1 is out of range for type 'capi_ctr *[32]'\n[   46.867982][ T6479] CPU: 1 PID: 6479 Comm: kcmtpd_ctr_0 Not tainted\n5.15.0-rc2+ #8\n[   46.869002][ T6479] Hardware name: QEMU Standard PC (i440FX + PIIX,\n1996), BIOS 1.14.0-2 04/01/2014\n[   46.870107][ T6479] Call Trace:\n[   46.870473][ T6479]  dump_stack_lvl+0x57/0x7d\n[   46.870974][ T6479]  ubsan_epilogue+0x5/0x40\n[   46.871458][ T6479]  __ubsan_handle_out_of_bounds.cold+0x43/0x48\n[   46.872135][ T6479]  detach_capi_ctr+0x64/0xc0\n[   46.872639][ T6479]  cmtp_session+0x5c8/0x5d0\n[   46.873131][ T6479]  ? __init_waitqueue_head+0x60/0x60\n[   46.873712][ T6479]  ? cmtp_add_msgpart+0x120/0x120\n[   46.874256][ T6479]  kthread+0x147/0x170\n[   46.874709][ T6479]  ? set_kthread_struct+0x40/0x40\n[   46.875248][ T6479]  ret_from_fork+0x1f/0x30\n[   46.875773][ T6479]"},{"lang":"es","value":"En el kernel de Linux, se resolvió la siguiente vulnerabilidad: isdn: cpai: verifique ctr->cnr para evitar que el índice de matriz esté fuera de límite. cmtp_add_connection() agregaría una sesión cmtp a un controlador y ejecutaría un subproceso del kernel para procesar cmtp. __module_get(ESTE_MÓDULO); sesión->tarea = kthread_run(cmtp_session, sesión, \"kcmtpd_ctr_%d\", sesión->num); Durante este proceso, el hilo del núcleo llamaría a detach_capi_ctr() para desconectar un controlador de registro. Si el controlador aún no estaba conectado, detach_capi_ctr() desencadenaría un error de los límites de índice de matriz. [ 46.866069][ T6479] UBSAN: índice de matriz fuera de los límites en drivers/isdn/capi/kcapi.c:483:21 [ 46.867196][ T6479] el índice -1 está fuera de rango para el tipo 'capi_ctr *[ 32]' [ 46.867982][ T6479] CPU: 1 PID: 6479 Comm: kcmtpd_ctr_0 No contaminado 5.15.0-rc2+ #8 [ 46.869002][ T6479] Nombre de hardware: PC estándar QEMU (i440FX + PIIX, 1996), BIOS 1.14. 0-2 01/04/2014 [ 46.870107][ T6479] Seguimiento de llamadas: [ 46.870473][ T6479] dump_stack_lvl+0x57/0x7d [ 46.870974][ T6479] ubsan_epilogue+0x5/0x40 [ 46.871458][ T6479 ] __ubsan_handle_out_of_bounds.cold+0x43 /0x48 [ 46.872135][ T6479] detach_capi_ctr+0x64/0xc0 [ 46.872639][ T6479] cmtp_session+0x5c8/0x5d0 [ 46.873131][ T6479] ? __init_waitqueue_head+0x60/0x60 [ 46.873712][ T6479] ? cmtp_add_msgpart+0x120/0x120 [ 46.874256][ T6479] kthread+0x147/0x170 [ 46.874709][ T6479] ? set_kthread_struct+0x40/0x40 [ 46.875248][ T6479] ret_from_fork+0x1f/0x30 [ 46.875773][ T6479]"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-129"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"4.4.290","matchCriteriaId":"C56A8089-600C-4D13-B0BD-0B3B87CAAAEC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.5","versionEndExcluding":"4.9.288","matchCriteriaId":"F99C0BFE-2803-4525-BA2B-EA4F42F8CADE"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.10","versionEndExcluding":"4.14.253","matchCriteriaId":"1830428A-CB40-4E7F-A4F9-177A0B9614D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"4.19.214","matchCriteriaId":"8491C8F9-93D0-4314-BD59-65E3038494EA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20","versionEndExcluding":"5.4.156","matchCriteriaId":"03015A9C-56AA-4210-9491-CF2FB0F45B9A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"5.10.76","matchCriteriaId":"E61528CE-9083-425B-AE36-3791232BF780"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.14.15","matchCriteriaId":"63BD46C4-473F-45F9-93E9-F67D955321D8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.15:rc1:*:*:*:*:*:*","matchCriteriaId":"E46C74C6-B76B-4C94-A6A4-FD2FFF62D644"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.15:rc2:*:*:*:*:*:*","matchCriteriaId":"60134C3A-06E4-48C1-B04F-2903732A4E56"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.15:rc3:*:*:*:*:*:*","matchCriteriaId":"0460DA88-8FE1-46A2-9DDA-1F1ABA552E71"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.15:rc4:*:*:*:*:*:*","matchCriteriaId":"AF55383D-4DF2-45DC-93F7-571F4F978EAB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.15:rc5:*:*:*:*:*:*","matchCriteriaId":"9E9481B2-8AA6-4CBD-B5D3-C10F51FF6D01"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1f3e2e97c003f80c4b087092b225c8787ff91e4d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/24219a977bfe3d658687e45615c70998acdbac5a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/285e9210b1fab96a11c0be3ed5cea9dd48b6ac54","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7d91adc0ccb060ce564103315189466eb822cc6a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7f221ccbee4ec662e2292d490a43ce6c314c4594","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9b6b2db77bc3121fe435f1d4b56e34de443bec75","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cc20226e218a2375d50dd9ac14fb4121b43375ff","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e8b8de17e164c9f1b7777f1c6f99d05539000036","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1f3e2e97c003f80c4b087092b225c8787ff91e4d","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/24219a977bfe3d658687e45615c70998acdbac5a","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/285e9210b1fab96a11c0be3ed5cea9dd48b6ac54","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7d91adc0ccb060ce564103315189466eb822cc6a","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7f221ccbee4ec662e2292d490a43ce6c314c4594","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9b6b2db77bc3121fe435f1d4b56e34de443bec75","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/cc20226e218a2375d50dd9ac14fb4121b43375ff","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e8b8de17e164c9f1b7777f1c6f99d05539000036","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]}]}}]}