{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-47064", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-29T22:33:44.295Z", "datePublished": "2024-02-29T22:37:38.257Z", "dateUpdated": "2024-12-19T07:34:34.905Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T07:34:34.905Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmt76: fix potential DMA mapping leak\n\nWith buf uninitialized in mt76_dma_tx_queue_skb_raw, its field skip_unmap\ncould potentially inherit a non-zero value from stack garbage.\nIf this happens, it will cause DMA mappings for MCU command frames to not be\nunmapped after completion"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/wireless/mediatek/mt76/dma.c"], "versions": [{"version": "27d5c528a7ca08dcd44877fdd9fc08b76630bf77", "lessThan": "9fa26701cd1fc4d932d431971efc5746325bdfce", "status": "affected", "versionType": "git"}, {"version": "27d5c528a7ca08dcd44877fdd9fc08b76630bf77", "lessThan": "9b68ce2856dadc0e1cb6fd21fbeb850da49efd08", "status": "affected", "versionType": "git"}, {"version": "27d5c528a7ca08dcd44877fdd9fc08b76630bf77", "lessThan": "91b9548d413fda488ea853cd1b9f59b572db3a0c", "status": "affected", "versionType": "git"}, {"version": "27d5c528a7ca08dcd44877fdd9fc08b76630bf77", "lessThan": "b4403cee6400c5f679e9c4a82b91d61aa961eccf", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/wireless/mediatek/mt76/dma.c"], "versions": [{"version": "5.10", "status": "affected"}, {"version": "0", "lessThan": "5.10", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.37", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.11.21", "lessThanOrEqual": "5.11.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.12.4", "lessThanOrEqual": "5.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.13", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/9fa26701cd1fc4d932d431971efc5746325bdfce"}, {"url": "https://git.kernel.org/stable/c/9b68ce2856dadc0e1cb6fd21fbeb850da49efd08"}, {"url": "https://git.kernel.org/stable/c/91b9548d413fda488ea853cd1b9f59b572db3a0c"}, {"url": "https://git.kernel.org/stable/c/b4403cee6400c5f679e9c4a82b91d61aa961eccf"}], "title": "mt76: fix potential DMA mapping leak", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-noinfo Not enough information"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-03-01T15:38:34.929881Z", "id": "CVE-2021-47064", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-07T20:53:13.305Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:24:39.820Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/9fa26701cd1fc4d932d431971efc5746325bdfce", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9b68ce2856dadc0e1cb6fd21fbeb850da49efd08", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/91b9548d413fda488ea853cd1b9f59b572db3a0c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b4403cee6400c5f679e9c4a82b91d61aa961eccf", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/9fa26701cd1fc4d932d431971efc5746325bdfce", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9b68ce2856dadc0e1cb6fd21fbeb850da49efd08", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/91b9548d413fda488ea853cd1b9f59b572db3a0c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b4403cee6400c5f679e9c4a82b91d61aa961eccf", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:24:39.820Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2021-47064", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-01T15:38:34.929881Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-noinfo Not enough information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:14.410Z"}}], "cna": {"title": "mt76: fix potential DMA mapping leak", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "27d5c528a7ca08dcd44877fdd9fc08b76630bf77", "lessThan": "9fa26701cd1fc4d932d431971efc5746325bdfce", "versionType": "git"}, {"status": "affected", "version": "27d5c528a7ca08dcd44877fdd9fc08b76630bf77", "lessThan": "9b68ce2856dadc0e1cb6fd21fbeb850da49efd08", "versionType": "git"}, {"status": "affected", "version": "27d5c528a7ca08dcd44877fdd9fc08b76630bf77", "lessThan": "91b9548d413fda488ea853cd1b9f59b572db3a0c", "versionType": "git"}, {"status": "affected", "version": "27d5c528a7ca08dcd44877fdd9fc08b76630bf77", "lessThan": "b4403cee6400c5f679e9c4a82b91d61aa961eccf", "versionType": "git"}], "programFiles": ["drivers/net/wireless/mediatek/mt76/dma.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.10"}, {"status": "unaffected", "version": "0", "lessThan": "5.10", "versionType": "semver"}, {"status": "unaffected", "version": "5.10.37", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.11.21", "versionType": "semver", "lessThanOrEqual": "5.11.*"}, {"status": "unaffected", "version": "5.12.4", "versionType": "semver", "lessThanOrEqual": "5.12.*"}, {"status": "unaffected", "version": "5.13", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/net/wireless/mediatek/mt76/dma.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/9fa26701cd1fc4d932d431971efc5746325bdfce"}, {"url": "https://git.kernel.org/stable/c/9b68ce2856dadc0e1cb6fd21fbeb850da49efd08"}, {"url": "https://git.kernel.org/stable/c/91b9548d413fda488ea853cd1b9f59b572db3a0c"}, {"url": "https://git.kernel.org/stable/c/b4403cee6400c5f679e9c4a82b91d61aa961eccf"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmt76: fix potential DMA mapping leak\n\nWith buf uninitialized in mt76_dma_tx_queue_skb_raw, its field skip_unmap\ncould potentially inherit a non-zero value from stack garbage.\nIf this happens, it will cause DMA mappings for MCU command frames to not be\nunmapped after completion"}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T07:34:34.905Z"}}}, "cveMetadata": {"cveId": "CVE-2021-47064", "state": "PUBLISHED", "dateUpdated": "2024-12-19T07:34:34.905Z", "dateReserved": "2024-02-29T22:33:44.295Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-02-29T22:37:38.257Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E433B72-3E3A-435E-9A66-80D28868BDF2", "versionEndExcluding": "5.10.37", "versionStartIncluding": "5.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8CBB94EC-EC33-4464-99C5-03E5542715F0", "versionEndExcluding": "5.11.21", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D8C7052F-1B7B-4327-9C2B-84EBF3243838", "versionEndExcluding": "5.12.4", "versionStartIncluding": "5.12", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmt76: fix potential DMA mapping leak\n\nWith buf uninitialized in mt76_dma_tx_queue_skb_raw, its field skip_unmap\ncould potentially inherit a non-zero value from stack garbage.\nIf this happens, it will cause DMA mappings for MCU command frames to not be\nunmapped after completion"}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: mt76: corrige una posible fuga de mapeo DMA Con buf no inicializado en mt76_dma_tx_queue_skb_raw, su campo skip_unmap podr\u00eda potencialmente heredar un valor distinto de cero de la basura de la pila. Si esto sucede, las asignaciones DMA para las tramas de comando MCU no se desasignar\u00e1n una vez finalizadas."}], "id": "CVE-2021-47064", "lastModified": "2025-04-08T15:10:02.877", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-02-29T23:15:07.947", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/91b9548d413fda488ea853cd1b9f59b572db3a0c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9b68ce2856dadc0e1cb6fd21fbeb850da49efd08"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9fa26701cd1fc4d932d431971efc5746325bdfce"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b4403cee6400c5f679e9c4a82b91d61aa961eccf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/91b9548d413fda488ea853cd1b9f59b572db3a0c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9b68ce2856dadc0e1cb6fd21fbeb850da49efd08"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9fa26701cd1fc4d932d431971efc5746325bdfce"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b4403cee6400c5f679e9c4a82b91d61aa961eccf"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: mt76: fix potential DMA mapping leak", "id": "2267167", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2267167"}, "csaw": false, "cvss3": {"cvss3_base_score": "2.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "status": "draft"}, "cwe": "CWE-402", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nmt76: fix potential DMA mapping leak\nWith buf uninitialized in mt76_dma_tx_queue_skb_raw, its field skip_unmap\ncould potentially inherit a non-zero value from stack garbage.\nIf this happens, it will cause DMA mappings for MCU command frames to not be\nunmapped after completion"], "name": "CVE-2021-47064", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-02-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-47064\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-47064\nhttps://lore.kernel.org/linux-cve-announce/2024022954-CVE-2021-47064-f220@gregkh/T/#u"], "threat_severity": "Low"}