Mitigate Baron SameEdit (CVE-2021-3156) vulnerability

rhel 6
buffer weakness #14


Weakness Breakdown


Buffer overflows are one of the most well-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against the vulnerabilities are common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which it then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows on OWASP attack index.

Warning code(s):

Easily used incorrectly.

File Name:



The highlighted line of code below is the trigger point of this particular Red Hat Enterprise Linux 6 buffer weakness.

	fprintf(stderr, "Usage: docproc {doc|depend} file\n");
	fprintf(stderr, "Input is read from file.tmpl. Output is sent to stdout\n");
	fprintf(stderr, "doc: frontend when generating kernel documentation\n");
	fprintf(stderr, "depend: generate list of files referenced within file\n");
	fprintf(stderr, "Environment variable SRCTREE: absolute path to kernel source tree.\n");

 * Execute kernel-doc with parameters given in svec
void exec_kernel_doc(char **svec)
	pid_t pid;
	int ret;
	char real_filename[PATH_MAX + 1];
	/* Make sure output generated so far are flushed */
	switch (pid=fork()) {
		case -1:
		case  0:
			memset(real_filename, 0, sizeof(real_filename));
			strncat(real_filename, srctree, PATH_MAX);
			strncat(real_filename, KERNELDOCPATH KERNELDOC,
					PATH_MAX - strlen(real_filename));
			execvp(real_filename, svec);
			fprintf(stderr, "exec ");
			waitpid(pid, &ret ,0);
	if (WIFEXITED(ret))
		exitstatus |= WEXITSTATUS(ret);
		exitstatus = 0xff;

/* Types used to create list of all exported symbols in a number of files */
struct symbols
	char *name;

struct symfile
	char *filename;
	struct symbols *symbollist; 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.