CVE-2021-47040

Published: Feb 28, 2024

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: io_uring: fix overflows checks in provide buffers Colin reported before possible overflow and sign extension problems in io_provide_buffers_prep(). As Linus pointed out previous attempt did nothing useful, see d81269fecb8ce ("io_uring: fix provide_buffers sign extension"). Do that with help of check_<op>_overflow helpers. And fix struct io_provide_buf::len type, as it doesn't make much sense to keep it signed.

Vendor	Product	Versions
Linux	Linux	affected `efe68c1ca8f49e8c06afd74b699411bfbb8ba1ff - < cbbc13b115b8f18e0a714d89f87fbdc499acfe2d` affected `efe68c1ca8f49e8c06afd74b699411bfbb8ba1ff - < 51bf90901952aaac564bbdb36b2b503050c53dd9` affected `efe68c1ca8f49e8c06afd74b699411bfbb8ba1ff - < 84b8c266c4bfe9ed5128e13253c388deb74b1b03` affected `efe68c1ca8f49e8c06afd74b699411bfbb8ba1ff - < 38134ada0ceea3e848fe993263c0ff6207fd46e7`
Linux	Linux	affected `5.8` unaffected `0 - < 5.8` unaffected `5.10.37 - <= 5.10.` unaffected `5.11.21 - <= 5.11.` unaffected `5.12.4 - <= 5.12.*` +1 more versions

References

https://git.kernel.org/stable/c/cbbc13b115b8f18e0a714d89f87fbdc499acfe2d

https://git.kernel.org/stable/c/51bf90901952aaac564bbdb36b2b503050c53dd9

https://git.kernel.org/stable/c/84b8c266c4bfe9ed5128e13253c388deb74b1b03

https://git.kernel.org/stable/c/38134ada0ceea3e848fe993263c0ff6207fd46e7

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-47040

Description

Affected Products

References