{"id":"CVE-2021-47604","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nvduse: check that offset is within bounds in get_config()\n\nThis condition checks \"len\" but it does not check \"offset\" and that\ncould result in an out of bounds read if \"offset \u003e dev-\u003econfig_size\".\nThe problem is that since both variables are unsigned the\n\"dev-\u003econfig_size - offset\" subtraction would result in a very high\nunsigned value.\n\nI think these checks might not be necessary because \"len\" and \"offset\"\nare supposed to already have been validated using the\nvhost_vdpa_config_validate() function.  But I do not know the code\nperfectly, and I like to be safe.","modified":"2026-03-14T11:19:17.232627Z","published":"2024-06-19T15:15:54.973Z","related":["SUSE-SU-2024:2372-1","SUSE-SU-2024:2394-1","SUSE-SU-2024:2939-1"],"references":[{"type":"FIX","url":"https://git.kernel.org/stable/c/dc1db0060c02d119fd4196924eff2d1129e9a442"},{"type":"FIX","url":"https://git.kernel.org/stable/c/ebbbc5fea3f648175df1aa3f127c78eb0252cc2a"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"5.15"},{"fixed":"5.15.11"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-47604.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"}]}