SB2024060484 - Out-of-bounds read in Linux kernel dec tulip driver
Published: June 4, 2024 Updated: May 13, 2025
Security Bulletin ID
SB2024060484
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2021-47547)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mii_get_phy() function in drivers/net/ethernet/dec/tulip/de4x5.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/ec5bd0aef1cec96830d0c7e06d3597d9e786cc98
- https://git.kernel.org/stable/c/142ead3dc70411bd5977e8c47a6d8bf22287b3f8
- https://git.kernel.org/stable/c/d3dedaa5a601107cfedda087209772c76e364d58
- https://git.kernel.org/stable/c/2c1a6a9a011d622a7c61324a97a49801ba425eff
- https://git.kernel.org/stable/c/77ff166909458646e66450e42909e0adacc99049
- https://git.kernel.org/stable/c/f059fa40f0fcc6bc7a12e0f2a2504e9a4ff74f1f
- https://git.kernel.org/stable/c/12f907cb11576b8cd0b1d95a16d1f10ed5bb7237
- https://git.kernel.org/stable/c/61217be886b5f7402843677e4be7e7e83de9cb41
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.257
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.220
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.294
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.292
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.84
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.7
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.164