Out-of-bounds read in Linux kernel



Published: 2024-05-31
Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2021-47277
CWE-ID: CWE-125
Exploitation vector: Local
Public exploit: N/A
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Out-of-bounds read

EUVDB-ID: #VU90296

Risk: Low

CVSSv3.1: 3.2 [AV:L/AC:L/PR:L/UI:U/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47277

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error in include/linux/kvm_host.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links

http://git.kernel.org/stable/c/3098b86390a6b9ea52657689f08410baf130ceff
http://git.kernel.org/stable/c/740621309b25bbf619b8a0ba5fd50a8e58989441
http://git.kernel.org/stable/c/361ce3b917aff93123e9e966d8608655c967f438
http://git.kernel.org/stable/c/22b87fb17a28d37331bb9c1110737627b17f6781
http://git.kernel.org/stable/c/bff1fbf0cf0712686f1df59a83fba6e31d2746a0
http://git.kernel.org/stable/c/7af299b97734c7e7f465b42a2139ce4d77246975
http://git.kernel.org/stable/c/ed0e2a893092c7fcb4ff7ba74e5efce53a6f5940
http://git.kernel.org/stable/c/da27a83fd6cc7780fea190e1f5c19e87019da65c


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


