{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2021-47276","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-05-21T13:27:52.128Z","datePublished":"2024-05-21T14:20:04.023Z","dateUpdated":"2025-05-04T07:07:43.402Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T07:07:43.402Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Do not blindly read the ip address in ftrace_bug()\n\nIt was reported that a bug on arm64 caused a bad ip address to be used for\nupdating into a nop in ftrace_init(), but the error path (rightfully)\nreturned -EINVAL and not -EFAULT, as the bug caused more than one error to\noccur. But because -EINVAL was returned, the ftrace_bug() tried to report\nwhat was at the location of the ip address, and read it directly. This\ncaused the machine to panic, as the ip was not pointing to a valid memory\naddress.\n\nInstead, read the ip address with copy_from_kernel_nofault() to safely\naccess the memory, and if it faults, report that the address faulted,\notherwise report what was in that location."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["kernel/trace/ftrace.c"],"versions":[{"version":"05736a427f7e16be948ccbf39782bd3a6ae16b14","lessThan":"0bc62e398bbd9e600959e610def5109957437b28","status":"affected","versionType":"git"},{"version":"05736a427f7e16be948ccbf39782bd3a6ae16b14","lessThan":"4aedc2bc2b32c93555f47c95610efb89cc1ec09b","status":"affected","versionType":"git"},{"version":"05736a427f7e16be948ccbf39782bd3a6ae16b14","lessThan":"acf671ba79c1feccc3ec7cfdcffead4efcec49e7","status":"affected","versionType":"git"},{"version":"05736a427f7e16be948ccbf39782bd3a6ae16b14","lessThan":"862dcc14f2803c556bdd73b43c27b023fafce2fb","status":"affected","versionType":"git"},{"version":"05736a427f7e16be948ccbf39782bd3a6ae16b14","lessThan":"7e4e824b109f1d41ccf223fbb0565d877d6223a2","status":"affected","versionType":"git"},{"version":"05736a427f7e16be948ccbf39782bd3a6ae16b14","lessThan":"97524384762c1fb9b3ded931498dd2047bd0de81","status":"affected","versionType":"git"},{"version":"05736a427f7e16be948ccbf39782bd3a6ae16b14","lessThan":"3e4ddeb68751fb4fb657199aed9cfd5d02796875","status":"affected","versionType":"git"},{"version":"05736a427f7e16be948ccbf39782bd3a6ae16b14","lessThan":"6c14133d2d3f768e0a35128faac8aa6ed4815051","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["kernel/trace/ftrace.c"],"versions":[{"version":"2.6.28","status":"affected"},{"version":"0","lessThan":"2.6.28","status":"unaffected","versionType":"semver"},{"version":"4.4.273","lessThanOrEqual":"4.4.*","status":"unaffected","versionType":"semver"},{"version":"4.9.273","lessThanOrEqual":"4.9.*","status":"unaffected","versionType":"semver"},{"version":"4.14.237","lessThanOrEqual":"4.14.*","status":"unaffected","versionType":"semver"},{"version":"4.19.195","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.126","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.44","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.12.11","lessThanOrEqual":"5.12.*","status":"unaffected","versionType":"semver"},{"version":"5.13","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.28","versionEndExcluding":"4.4.273"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.28","versionEndExcluding":"4.9.273"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.28","versionEndExcluding":"4.14.237"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.28","versionEndExcluding":"4.19.195"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.28","versionEndExcluding":"5.4.126"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.28","versionEndExcluding":"5.10.44"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.28","versionEndExcluding":"5.12.11"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.28","versionEndExcluding":"5.13"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/0bc62e398bbd9e600959e610def5109957437b28"},{"url":"https://git.kernel.org/stable/c/4aedc2bc2b32c93555f47c95610efb89cc1ec09b"},{"url":"https://git.kernel.org/stable/c/acf671ba79c1feccc3ec7cfdcffead4efcec49e7"},{"url":"https://git.kernel.org/stable/c/862dcc14f2803c556bdd73b43c27b023fafce2fb"},{"url":"https://git.kernel.org/stable/c/7e4e824b109f1d41ccf223fbb0565d877d6223a2"},{"url":"https://git.kernel.org/stable/c/97524384762c1fb9b3ded931498dd2047bd0de81"},{"url":"https://git.kernel.org/stable/c/3e4ddeb68751fb4fb657199aed9cfd5d02796875"},{"url":"https://git.kernel.org/stable/c/6c14133d2d3f768e0a35128faac8aa6ed4815051"}],"title":"ftrace: Do not blindly read the ip address in ftrace_bug()","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CISA ADP Vulnrichment","metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2021-47276","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-05-23T21:21:37.653286Z"}}}],"providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-04T17:14:39.026Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T05:32:07.996Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/0bc62e398bbd9e600959e610def5109957437b28","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/4aedc2bc2b32c93555f47c95610efb89cc1ec09b","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/acf671ba79c1feccc3ec7cfdcffead4efcec49e7","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/862dcc14f2803c556bdd73b43c27b023fafce2fb","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/7e4e824b109f1d41ccf223fbb0565d877d6223a2","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/97524384762c1fb9b3ded931498dd2047bd0de81","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/3e4ddeb68751fb4fb657199aed9cfd5d02796875","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/6c14133d2d3f768e0a35128faac8aa6ed4815051","tags":["x_transferred"]}]}]}}