{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T19:24:56.979","vulnerabilities":[{"cve":{"id":"CVE-2021-47288","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2024-05-21T15:15:16.867","lastModified":"2024-12-23T16:45:23.720","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf()\n\nFix an 11-year old bug in ngene_command_config_free_buf() while\naddressing the following warnings caught with -Warray-bounds:\n\narch/alpha/include/asm/string.h:22:16: warning: '__builtin_memcpy' offset [12, 16] from the object at 'com' is out of the bounds of referenced subobject 'config' with type 'unsigned char' at offset 10 [-Warray-bounds]\narch/x86/include/asm/string_32.h:182:25: warning: '__builtin_memcpy' offset [12, 16] from the object at 'com' is out of the bounds of referenced subobject 'config' with type 'unsigned char' at offset 10 [-Warray-bounds]\n\nThe problem is that the original code is trying to copy 6 bytes of\ndata into a one-byte size member _config_ of the wrong structue\nFW_CONFIGURE_BUFFERS, in a single call to memcpy(). This causes a\nlegitimate compiler warning because memcpy() overruns the length\nof &com.cmd.ConfigureBuffers.config. It seems that the right\nstructure is FW_CONFIGURE_FREE_BUFFERS, instead, because it contains\n6 more members apart from the header _hdr_. Also, the name of\nthe function ngene_command_config_free_buf() suggests that the actual\nintention is to ConfigureFreeBuffers, instead of ConfigureBuffers\n(which takes place in the function ngene_command_config_buf(), above).\n\nFix this by enclosing those 6 members of struct FW_CONFIGURE_FREE_BUFFERS\ninto new struct config, and use &com.cmd.ConfigureFreeBuffers.config as\nthe destination address, instead of &com.cmd.ConfigureBuffers.config,\nwhen calling memcpy().\n\nThis also helps with the ongoing efforts to globally enable\n-Warray-bounds and get us closer to being able to tighten the\nFORTIFY_SOURCE routines on memcpy()."},{"lang":"es","value":"En el kernel de Linux, se resolvió la siguiente vulnerabilidad: medios: ngene: corrige un error fuera de los límites en ngene_command_config_free_buf(). Corrige un error de hace 11 años en ngene_command_config_free_buf() mientras se solucionan las siguientes advertencias detectadas con -Warray-bounds: arch/alpha/include/asm/string.h:22:16: advertencia: el desplazamiento '__builtin_memcpy' [12, 16] del objeto en 'com' está fuera de los límites del subobjeto referenciado 'config' con tipo 'carácter sin firmar ' en el desplazamiento 10 [-Warray-bounds] arch/x86/include/asm/string_32.h:182:25: advertencia: el desplazamiento '__builtin_memcpy' [12, 16] del objeto en 'com' está fuera de los límites de subobjeto referenciado 'config' con tipo 'unsigned char' en el desplazamiento 10 [-Warray-bounds] El problema es que el código original está intentando copiar 6 bytes de datos en un miembro de tamaño de un byte _config_ de la estructura incorrecta FW_CONFIGURE_BUFFERS, en una sola llamada a memcpy(). Esto provoca una advertencia legítima del compilador porque memcpy() sobrepasa la longitud de &com.cmd.ConfigureBuffers.config. Parece que la estructura correcta es FW_CONFIGURE_FREE_BUFFERS, porque contiene 6 miembros más además del encabezado _hdr_. Además, el nombre de la función ngene_command_config_free_buf() sugiere que la intención real es ConfigureFreeBuffers, en lugar de ConfigureBuffers (que tiene lugar en la función ngene_command_config_buf(), arriba). Solucione este problema encerrando esos 6 miembros de la estructura FW_CONFIGURE_FREE_BUFFERS en una nueva configuración de estructura y use &com.cmd.ConfigureFreeBuffers.config como dirección de destino, en lugar de &com.cmd.ConfigureBuffers.config, al llamar a memcpy(). Esto también ayuda con los esfuerzos continuos para habilitar globalmente -Warray-bounds y acercarnos a poder ajustar las rutinas FORTIFY_SOURCE en memcpy()."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.34","versionEndExcluding":"4.4.277","matchCriteriaId":"7D45A9E6-B9E0-4304-BC21-EA9A34A2DB7C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.5","versionEndExcluding":"4.9.277","matchCriteriaId":"B543C082-5612-489A-A957-B7F2B8822025"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.10","versionEndExcluding":"4.14.241","matchCriteriaId":"6A796929-CDBE-45AF-BD44-F357F64AFFCA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"4.19.199","matchCriteriaId":"D1C5B0E1-06E7-4615-AA17-02585202D86E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20","versionEndExcluding":"5.4.136","matchCriteriaId":"E1FCD98C-8886-4844-B7AF-C42731DF9465"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"5.10.54","matchCriteriaId":"1BD5A2EE-859F-40FC-BDAC-167AAE37C870"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.13.6","matchCriteriaId":"512C22FC-1524-4E6F-9E62-4F4B7B6E0576"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.14:rc1:*:*:*:*:*:*","matchCriteriaId":"71268287-21A8-4488-AA4F-23C473153131"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.14:rc2:*:*:*:*:*:*","matchCriteriaId":"23B9E5C6-FAB5-4A02-9E39-27C8787B0991"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/4487b968e5eacd02c493303dc2b61150bb7fe4b2","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8d4abca95ecc82fc8c41912fa0085281f19cc29f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b9a178f189bb6d75293573e181928735f5e3e070","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c6ddeb63dd543b5474b0217c4e47538b7ffd7686","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e617fa62f6cf859a7b042cdd6c73af905ff8fca3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e818f2ff648581a6c553ae2bebc5dcef9a8bb90c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e991457afdcb5f4dbc5bc9d79eaf775be33e7092","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ec731c6ef564ee6fc101fc5d73e3a3a953d09a00","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/4487b968e5eacd02c493303dc2b61150bb7fe4b2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8d4abca95ecc82fc8c41912fa0085281f19cc29f","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b9a178f189bb6d75293573e181928735f5e3e070","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c6ddeb63dd543b5474b0217c4e47538b7ffd7686","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e617fa62f6cf859a7b042cdd6c73af905ff8fca3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e818f2ff648581a6c553ae2bebc5dcef9a8bb90c","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e991457afdcb5f4dbc5bc9d79eaf775be33e7092","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ec731c6ef564ee6fc101fc5d73e3a3a953d09a00","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]}]}}]}