2024989 – (CVE-2021-43975) CVE-2021-43975 kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait() in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c

Bug 2024989 (CVE-2021-43975) - CVE-2021-43975 kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait() in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c

Summary: CVE-2021-43975 kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait() in d...

Keywords:
Status:	NEW
Alias:	CVE-2021-43975
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2024990 2025706 2025707 2025708 2027742 2208283
Blocks:	2024991
TreeView+	depends on / blocked

Reported:	2021-11-19 16:39 UTC by Guilherme de Almeida Suckevicz
Modified:	2023-12-07 15:35 UTC (History)
CC List:	58 users (show)
Fixed In Version:	Linux kernel 5.16-rc2
Doc Type:	If docs needed, set a value
Doc Text:	An out-of-bounds write flaw was found in the Linux kernel’s Aquantia AQtion Ethernet card Atlantic driver in the way the ethernet card provides malicious input to the driver. This flaw allows a local user to emulate the networking device and crash the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2023:7268	None	None	None	2023-11-15 18:25:05 UTC
Red Hat Product Errata	RHBA-2023:7328	None	None	None	2023-11-16 11:39:14 UTC
Red Hat Product Errata	RHBA-2023:7338	None	None	None	2023-11-16 18:03:54 UTC
Red Hat Product Errata	RHBA-2023:7343	None	None	None	2023-11-20 01:58:15 UTC
Red Hat Product Errata	RHBA-2023:7346	None	None	None	2023-11-20 09:25:24 UTC
Red Hat Product Errata	RHSA-2023:6901	None	None	None	2023-11-14 15:14:36 UTC
Red Hat Product Errata	RHSA-2023:7077	None	None	None	2023-11-14 15:20:11 UTC

Description Guilherme de Almeida Suckevicz 2021-11-19 16:39:30 UTC

In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value.

Reference and upstream patches:
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=b922f622592af76b57cbc566eaeccda0b31a3496
https://lore.kernel.org/netdev/163698540868.13805.17800408021782408762.git-patchwork-notify@kernel.org/T/

Comment 1 Guilherme de Almeida Suckevicz 2021-11-19 16:41:01 UTC

Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2024990]

Comment 18 errata-xmlrpc 2023-11-14 15:14:32 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:6901 https://access.redhat.com/errata/RHSA-2023:6901

Comment 19 errata-xmlrpc 2023-11-14 15:20:07 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:7077 https://access.redhat.com/errata/RHSA-2023:7077

Note You need to log in before you can comment on or make changes to this bug.

acaringi
adscvr
airlied
alciregi
allarkin
bdettelb
bhu
blc
chwhite
crwood
dbohanno
debarbos
dvlasenk
ezulian
hdegoede
hkrzesin
jarod
jarodwilson
jburrell
jdenham
jeremy
jfaracco
jforbes
jglisse
jlelli
joe.lawrence
jonathan
josef
jshortt
jstancek
jwboyer
jwyatt
kcarcia
kernel-maint
kernel-mgr
ldoskova
lgoncalv
linville
lleshchi
lzampier
masami256
mchehab
mlangsdo
nmurray
ptalbert
qzhao
rrobaina
rvrbovsk
rysulliv
scweaver
steved
tyberry
vkumar
walters
wcosta
williams
wmealing
ycote