search

witchcraze / NVD_CHECK

1 stars 0 forks source link

CHK NVD : CVE-2021-4439 - a6cbde45 #5181

Closed witchcraze closed 1 week ago

witchcraze commented 1 week ago

[CVE Configuration Update Request] Update Suggestion - CVE-2021-4439 - Cvss3 : 7.8

https://www.linuxkernelcves.com/cves/CVE-2021-4439 https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec/-/blob/master/issues/CVE-2021-4439.yml https://github.com/witchcraze/NVD_CHECK/blob/main/kernel/CVE-2021-4439.json

- CVE-2021-4439
- Suggested Configuration
  - OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.14.0 up to (excluding) 4.14.253
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.19.0 up to (excluding) 4.19.214
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.4.0 up to (excluding) 4.4.290
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.9.0 up to (excluding) 4.9.288
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.10.0 up to (excluding) 5.10.76
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.14.0 up to (excluding) 5.14.15
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.15.0 up to (excluding) 5.15
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.4.0 up to (excluding) 5.4.156
- Reference
  - https://www.kernel.org/pub//linux/kernel/v4.x/ChangeLog-4.14.253
  - https://www.kernel.org/pub//linux/kernel/v4.x/ChangeLog-4.19.214
  - https://www.kernel.org/pub//linux/kernel/v4.x/ChangeLog-4.4.290
  - https://www.kernel.org/pub//linux/kernel/v4.x/ChangeLog-4.9.288
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.10.76
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.14.15
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.15
  - https://www.kernel.org/pub//linux/kernel/v5.x/ChangeLog-5.4.156
- Reference (Commit)
  - isdn: cpai: check ctr->cnr to avoid array index out of bound
    - Fixed by
      - 4.14.253 (9b6b2db77bc3121fe435f1d4b56e34de443bec75)
      - 4.19.214 (7d91adc0ccb060ce564103315189466eb822cc6a)
      - 4.4.290 (e8b8de17e164c9f1b7777f1c6f99d05539000036)
      - 4.9.288 (24219a977bfe3d658687e45615c70998acdbac5a)
      - 5.10.76 (7f221ccbee4ec662e2292d490a43ce6c314c4594)
      - 5.14.15 (cc20226e218a2375d50dd9ac14fb4121b43375ff)
      - 5.15 (1f3e2e97c003f80c4b087092b225c8787ff91e4d) (upstream)
      - 5.4.156 (285e9210b1fab96a11c0be3ed5cea9dd48b6ac54)
    - Will be introduced by
      - 2.6.12 (1da177e4c3f4)
- I Checked
  - XXXXXXXXXXXXXXXXXXXXXXXXXXXX is written as upstream commit in each ChangeLog
  - From XXXXXXXX commit page, XXXXXXXXXXX is the most oldest in commit-branches area
  - For 3.16.35, there is related post at lkml
  - For 3.16 series, 3.16.35 is the next release from 3.16.7 which was released at 2014
  - https://mirrors.edge.kernel.org/pub/linux/kernel/v3.x/
  - XXXX
https://nvd.nist.gov/vuln/detail/CVE-2021-4439 URI Start(Ex) Start(Inc) End(Ex) End(Inc)
cpe:/o:linux:linux_kernel:5.15:rc5
cpe:/o:linux:linux_kernel:5.15:rc4
cpe:/o:linux:linux_kernel:5.15:rc3
cpe:/o:linux:linux_kernel:5.15:rc2
cpe:/o:linux:linux_kernel:5.15:rc1
cpe:/o:linux:linux_kernel 4.4.290
cpe:/o:linux:linux_kernel 4.10 4.14.253
cpe:/o:linux:linux_kernel 4.15 4.19.214
cpe:/o:linux:linux_kernel 4.20 5.4.156
cpe:/o:linux:linux_kernel 4.5 4.9.288
cpe:/o:linux:linux_kernel 5.11 5.14.15
cpe:/o:linux:linux_kernel 5.5 5.10.76
witchcraze commented 1 week ago

ok