rhel 7
buffer weakness #4

5

Weakness Breakdown


Definition:

Buffer overflows are one of the most well-known software vulnerabilities. Even though most developers know what buffer overflows are, attacks against these vulnerabilities are common in both legacy and newer applications. A classic buffer overflow exploit begins with the attacker sending data to a program, which the program then stores in an undersized stack buffer. Besides stack buffer overflows, other kinds of buffer overflows include heap overflows, off-by-one errors and many others. Learn more about buffer overflows on the OWASP attack index.

Warning code(s):

Easily used incorrectly.

File Name:

intel-cmt-cat-3.0.1/pqos/monitor.c

Context:

The highlighted line of code below is the trigger point of this particular Red Hat Enterprise Linux 7 buffer weakness.

                                     mon_data->event & PQOS_MON_EVENT_L3_OCCUP,
                                    sel_events_max & PQOS_MON_EVENT_L3_OCCUP);

        offset += fillin_csv_column(mbl, data + offset, sz_data - offset,
                                    mon_data->event & PQOS_MON_EVENT_LMEM_BW,
                                    sel_events_max & PQOS_MON_EVENT_LMEM_BW);

        fillin_csv_column(mbr, data + offset, sz_data - offset,
                          mon_data->event & PQOS_MON_EVENT_RMEM_BW,
                          sel_events_max & PQOS_MON_EVENT_RMEM_BW);

        if (!process_mode())
                fprintf(fp,
                        "%s,\"%s\",%.2f,%llu%s\n",
                        time, (char *)mon_data->context,
                        mon_data->values.ipc,
                        (unsigned long long)mon_data->values.llc_misses_delta,
                        data);
        else {
                memset(core_list, 0, sizeof(core_list));

                if (get_pid_cores(mon_data, core_list,
                                  sizeof(core_list)) == -1) {
                        memset(core_list, 0, sizeof(core_list));
                        strncat(core_list, "err", sizeof(core_list) - 1);
                }

                fprintf(fp,
                        "%s,\"%s\",%s,%.2f,%llu%s\n",
                        time, (char *)mon_data->context, core_list,
                        mon_data->values.ipc,
                        (unsigned long long)mon_data->values.llc_misses_delta,
                        data);
        }
}

/**
 * @brief Builds monitoring header string
 *
 * @param hdr place to store monitoring header row
 * @param sz_hdr available memory size for the header
 * @param isxml true if XML output selected
 * @param istext true if TEXT output selected
 * @param iscsv true if CSV output selected
 */
static void
build_header_row(char *hdr, const size_t sz_hdr,
                 const int isxml,
                 const int istext,
                 const int iscsv) 