Bug 2024989 (CVE-2021-43975) - CVE-2021-43975 kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait() in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c
Summary: CVE-2021-43975 kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait() in d...
Keywords:
Status: NEW
Alias: CVE-2021-43975
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2024990 2025706 2025707 2025708 2027742 2208283
Blocks: 2024991
TreeView+ depends on / blocked
 
Reported: 2021-11-19 16:39 UTC by Guilherme de Almeida Suckevicz
Modified: 2024-03-19 19:49 UTC (History)
59 users (show)

Fixed In Version: Linux kernel 5.16-rc2
Doc Type: If docs needed, set a value
Doc Text:
An out-of-bounds write flaw was found in the Linux kernel’s Aquantia AQtion Ethernet card Atlantic driver in the way the ethernet card provides malicious input to the driver. This flaw allows a local user to emulate the networking device and crash the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2023:7268 0 None None None 2023-11-15 18:25:05 UTC
Red Hat Product Errata RHBA-2023:7328 0 None None None 2023-11-16 11:39:14 UTC
Red Hat Product Errata RHBA-2023:7338 0 None None None 2023-11-16 18:03:54 UTC
Red Hat Product Errata RHBA-2023:7343 0 None None None 2023-11-20 01:58:15 UTC
Red Hat Product Errata RHBA-2023:7346 0 None None None 2023-11-20 09:25:24 UTC
Red Hat Product Errata RHSA-2023:6901 0 None None None 2023-11-14 15:14:36 UTC
Red Hat Product Errata RHSA-2023:7077 0 None None None 2023-11-14 15:20:11 UTC
Red Hat Product Errata RHSA-2024:1188 0 None None None 2024-03-06 12:36:21 UTC
Red Hat Product Errata RHSA-2024:1404 0 None None None 2024-03-19 17:26:35 UTC

Description Guilherme de Almeida Suckevicz 2021-11-19 16:39:30 UTC 
In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value.

Reference and upstream patches:
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=b922f622592af76b57cbc566eaeccda0b31a3496
https://lore.kernel.org/netdev/163698540868.13805.17800408021782408762.git-patchwork-notify@kernel.org/T/
Comment 1 Guilherme de Almeida Suckevicz 2021-11-19 16:41:01 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2024990]
Comment 18 errata-xmlrpc 2023-11-14 15:14:32 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:6901 https://access.redhat.com/errata/RHSA-2023:6901
Comment 19 errata-xmlrpc 2023-11-14 15:20:07 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:7077 https://access.redhat.com/errata/RHSA-2023:7077
Comment 22 errata-xmlrpc 2024-03-06 12:36:17 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2024:1188 https://access.redhat.com/errata/RHSA-2024:1188
Comment 25 errata-xmlrpc 2024-03-19 17:26:31 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:1404 https://access.redhat.com/errata/RHSA-2024:1404
Note You need to log in before you can comment on or make changes to this bug.