{"id":"CVE-2021-47649","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nudmabuf: validate ubuf-\u003epagecount\n\nSyzbot has reported GPF in sg_alloc_append_table_from_pages(). The\nproblem was in ubuf-\u003epages == ZERO_PTR.\n\nubuf-\u003epagecount is calculated from arguments passed from user-space. If\nuser creates udmabuf with list.size == 0 then ubuf-\u003epagecount will be\nalso equal to zero; it causes kmalloc_array() to return ZERO_PTR.\n\nFix it by validating ubuf-\u003epagecount before passing it to\nkmalloc_array().","modified":"2026-03-13T05:20:50.747961Z","published":"2025-02-26T06:37:06.687Z","related":["SUSE-SU-2025:1027-1","SUSE-SU-2025:1176-1","SUSE-SU-2025:1183-1","SUSE-SU-2025:1241-1"],"references":[{"type":"FIX","url":"https://git.kernel.org/stable/c/2b6dd600dd72573c23ea180b5b0b2f1813405882"},{"type":"FIX","url":"https://git.kernel.org/stable/c/5d50f851dd307c07ca5591297093f19967c834a9"},{"type":"FIX","url":"https://git.kernel.org/stable/c/811b667cefbea9cb7511a874b169d6a92907137e"},{"type":"FIX","url":"https://git.kernel.org/stable/c/9e9b4a269f84d3230f2af84ff42322db676440d9"},{"type":"FIX","url":"https://git.kernel.org/stable/c/a3728d32fc61eb0fe283cb8ff60b2c8f751e2202"},{"type":"FIX","url":"https://git.kernel.org/stable/c/b267a8118c2b171bf7d67b90ed64154eeab9fae0"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"4.20"},{"fixed":"5.4.189"}]},{"events":[{"introduced":"5.5"},{"fixed":"5.10.110"}]},{"events":[{"introduced":"5.11"},{"fixed":"5.15.33"}]},{"events":[{"introduced":"5.16"},{"fixed":"5.16.19"}]},{"events":[{"introduced":"5.17"},{"fixed":"5.17.2"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-47649.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}