retired/CVE-2021-3491


1
2
3
4
5
6
7
8
9
10
11
12
13
14

Description: io_uring: truncate lengths larger than MAX_RW_COUNT on provide buffers
References:
 https://www.openwall.com/lists/oss-security/2021/05/11/13
Notes:
 carnil> Commit fixes ddf0322db79c ("io_uring: add
 carnil> IORING_OP_PROVIDE_BUFFERS") in 5.7-rc1.
Bugs:
upstream: released (5.13-rc1) [d1f82808877bb10d3deee7cf3374a4eb3fb582db]
5.10-upstream-stable: released (5.10.37) [7e916d0124e5f40d7912f93a633f5dee2c3ad735]
4.19-upstream-stable: N/A "Vulnerable code introduced later"
4.9-upstream-stable: N/A "Vulnerable code introduced later"
sid: released (5.10.38-1)
4.19-buster-security: N/A "Vulnerable code introduced later"
4.9-stretch-security: N/A "Vulnerable code introduced later"