SB2024060820 - Buffer overflow in Linux kernel comedi drivers driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Buffer overflow (CVE-ID: CVE-2021-47474)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the vmk80xx_do_bulk_msg() function in drivers/staging/comedi/drivers/vmk80xx.c. A local user can escalate privileges on the system.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/e0e6a63fd97ad95fe05dfd77268a1952551e11a7
• https://git.kernel.org/stable/c/7cfb35db607760698d299fd1cf7402dfa8f09973
• https://git.kernel.org/stable/c/0866dcaa828c21bc2f94dac00e086078f11b5772
• https://git.kernel.org/stable/c/063f576c43d589a4c153554b681d32b3f8317c7b
• https://git.kernel.org/stable/c/1ae4715121a57bc6fa29fd992127b01907f2f993
• https://git.kernel.org/stable/c/b7fd7f3387f070215e6be341e68eb5c087eeecc0
• https://git.kernel.org/stable/c/7b0e356189327287d0eb98ec081bd6dd97068cd3
• https://git.kernel.org/stable/c/47b4636ebdbeba2044b3db937c4d2b6a4fe3d0f2
• https://git.kernel.org/stable/c/78cdfd62bd54af615fba9e3ca1ba35de39d3871d
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.255
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.217
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.292
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.290
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.79
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.18
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.2
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.159