
CVE-2021-47219: Vulnerability in Linux (Linux kernel)

Severity: Medium
Published: Wed Apr 10 2024 (04/10/2024, 19:01:57 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs()

The following issue was observed running syzkaller:

BUG: KASAN: slab-out-of-bounds in memcpy include/linux/string.h:377 [inline]
BUG: KASAN: slab-out-of-bounds in sg_copy_buffer+0x150/0x1c0 lib/scatterlist.c:831
Read of size 2132 at addr ffff8880aea95dc8 by task syz-executor.0/9815

CPU: 0 PID: 9815 Comm: syz-executor.0 Not tainted 4.19.202-00874-gfc0fe04215a9 #2
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0xe4/0x14a lib/dump_stack.c:118
 print_address_description+0x73/0x280 mm/kasan/report.c:253
 kasan_report_error mm/kasan/report.c:352 [inline]
 kasan_report+0x272/0x370 mm/kasan/report.c:410
 memcpy+0x1f/0x50 mm/kasan/kasan.c:302
 memcpy include/linux/string.h:377 [inline]
 sg_copy_buffer+0x150/0x1c0 lib/scatterlist.c:831
 fill_from_dev_buffer+0x14f/0x340 drivers/scsi/scsi_debug.c:1021
 resp_report_tgtpgs+0x5aa/0x770 drivers/scsi/scsi_debug.c:1772
 schedule_resp+0x464/0x12f0 drivers/scsi/scsi_debug.c:4429
 scsi_debug_queuecommand+0x467/0x1390 drivers/scsi/scsi_debug.c:5835
 scsi_dispatch_cmd+0x3fc/0x9b0 drivers/scsi/scsi_lib.c:1896
 scsi_request_fn+0x1042/0x1810 drivers/scsi/scsi_lib.c:2034
 __blk_run_queue_uncond block/blk-core.c:464 [inline]
 __blk_run_queue+0x1a4/0x380 block/blk-core.c:484
 blk_execute_rq_nowait+0x1c2/0x2d0 block/blk-exec.c:78
 sg_common_write.isra.19+0xd74/0x1dc0 drivers/scsi/sg.c:847
 sg_write.part.23+0x6e0/0xd00 drivers/scsi/sg.c:716
 sg_write+0x64/0xa0 drivers/scsi/sg.c:622
 __vfs_write+0xed/0x690 fs/read_write.c:485
 kill_bdev:block_device:00000000e138492c
 vfs_write+0x184/0x4c0 fs/read_write.c:549
 ksys_write+0x107/0x240 fs/read_write.c:599
 do_syscall_64+0xc2/0x560 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

We get 'alen' from the command; its type is int.
If userspace passes a large length we will get a negative 'alen'. Switch n, alen, and rlen to u32.

AI-Powered Analysis

Last updated: 06/26/2025, 16:35:16 UTC

Technical Analysis

CVE-2021-47219 is a vulnerability in the Linux kernel's SCSI debug driver (scsi_debug). It is an out-of-bounds read in resp_report_tgtpgs(), the driver's handler for the REPORT TARGET PORT GROUPS command. The bug was found by fuzzing with syzkaller, which triggered a kernel address sanitizer (KASAN) slab-out-of-bounds report inside a memcpy; the call trace in the description shows the request entering the driver through the SCSI generic (sg) write path and reaching sg_copy_buffer() via fill_from_dev_buffer(). The root cause is that the allocation length 'alen' taken from the command is stored in a signed int. A length supplied by userspace with the top bit set is interpreted as a negative value, that negative value propagates into the byte count handed to the copy, and the copy reads past the end of the response buffer. The trace was produced on kernel 4.19.202; other kernels carrying the same scsi_debug code are also affected. The fix switches 'n', 'alen' and 'rlen' to unsigned 32-bit integers (u32), so the length can no longer be negative. As a memory-safety bug it can crash the kernel and could potentially be leveraged for information disclosure or privilege escalation, but no exploitation in the wild has been reported. Triggering it requires the scsi_debug driver to be loaded and the ability to submit commands to its emulated devices; the driver is intended for testing and debugging SCSI stacks rather than production use. No CVSS score is assigned; the record is published by the Linux project and has been enriched by CISA.
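As an added illustration (not the kernel's code and not part of the advisory), the C below models the signed-versus-unsigned length handling described above: a constructed CDB carries the allocation length at bytes 6..9 (the REPORT TARGET PORT GROUPS layout from SPC, assumed here), and two hypothetical functions clamp it against the size of the prepared response with int as before the fix and with u32 as after it.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example, not the kernel's code. It models the length handling the
 * advisory describes: a 32-bit allocation length is read from the CDB,
 * clamped against the size n of the response the driver built, and the
 * result is passed to a copy routine that takes a size_t. */

/* Offset of the 4-byte allocation length in the 12-byte MAINTENANCE IN CDB
 * (REPORT TARGET PORT GROUPS), per SPC; an assumption used for the demo. */
#define ALLOC_LEN_OFFSET 6
#define CDB_LEN 12

static uint32_t be32_at(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Constructed CDB: all zero except the allocation length field. */
void make_cdb(unsigned char cdb[CDB_LEN], uint32_t alloc_len)
{
    memset(cdb, 0, CDB_LEN);
    cdb[ALLOC_LEN_OFFSET + 0] = (unsigned char)(alloc_len >> 24);
    cdb[ALLOC_LEN_OFFSET + 1] = (unsigned char)(alloc_len >> 16);
    cdb[ALLOC_LEN_OFFSET + 2] = (unsigned char)(alloc_len >> 8);
    cdb[ALLOC_LEN_OFFSET + 3] = (unsigned char)alloc_len;
}

/* Pre-fix pattern: alen, n and rlen are signed int. A length with the top
 * bit set becomes negative, the clamp keeps the negative value, and the
 * conversion to size_t turns it into a huge copy length. */
size_t copy_len_signed(const unsigned char *cdb, int n)
{
    int alen = (int)be32_at(cdb + ALLOC_LEN_OFFSET);
    int rlen = alen < n ? alen : n;
    return (size_t)rlen;
}

/* Post-fix pattern (u32 for n, alen and rlen): the clamp cannot see a
 * negative value, so the copy never exceeds the n bytes actually built. */
size_t copy_len_unsigned(const unsigned char *cdb, uint32_t n)
{
    uint32_t alen = be32_at(cdb + ALLOC_LEN_OFFSET);
    uint32_t rlen = alen < n ? alen : n;
    return (size_t)rlen;
}
```

With a 64-byte response, an allocation length of 0xFFFFFFFF yields a copy length far larger than 64 from the signed version and exactly 64 from the unsigned one; small lengths behave identically in both.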

Potential Impact

For European organizations, the impact of CVE-2021-47219 depends largely on their use of Linux systems with the scsi_debug driver enabled. While scsi_debug is primarily a testing and debugging driver, some development, testing, or specialized environments may have it enabled. Exploitation could lead to kernel crashes (denial of service) or potentially privilege escalation or information leakage if an attacker can trigger the out-of-bounds read. This could affect the confidentiality, integrity, and availability of affected systems. Organizations running Linux kernels with this vulnerability in production environments that expose SCSI debug interfaces could be at risk. The impact is more significant in environments where kernel stability and security are critical, such as data centers, cloud providers, and critical infrastructure. Given the lack of known exploits, the immediate risk is moderate, but the vulnerability should be addressed proactively to prevent future exploitation. The vulnerability could also affect virtualized environments or QEMU-based test setups that use the affected kernel versions, which are common in European research and development organizations.

Mitigation Recommendations

1. Apply the official Linux kernel patch, which changes the relevant length variables to unsigned integers so that a negative length can no longer drive an out-of-bounds read.
2. Audit production systems for the scsi_debug driver and disable or blacklist it unless it is explicitly required for testing or debugging.
3. Restrict who can interact with SCSI debug devices (including the SCSI generic device nodes through which commands reach the driver) and who can load the related kernel modules.
4. Monitor kernel logs for KASAN reports or other memory-error messages that could indicate the bug being triggered.
5. Build test kernels with the Kernel Address Sanitizer (KASAN) and fuzz them so that similar memory-safety bugs are caught before they reach production kernels.
6. In virtualized environments, keep guest kernels updated and ensure host systems do not expose unnecessary debug interfaces.
7. Track this vulnerability in the vulnerability management programme so that patch deployment and compliance can be verified.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-04-10T18:59:19.528Z
CISA Enriched: true
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9835c4522896dcbea0bf
Added to database: 5/21/2025, 9:09:09 AM
Last enriched: 6/26/2025, 4:35:16 PM
Last updated: 7/29/2025, 12:29:55 PM
