Out-of-bounds read in Linux kernel scsi libfc driver
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2021-47308 |
| CWE-ID | CWE-125 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Out-of-bounds read
EUVDB-ID: #VU91090
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47308
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the fc_rport_prli_resp() function in drivers/scsi/libfc/fc_rport.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: All versions
CPE2.3 External linkshttps://git.kernel.org/stable/c/44651522941c623e20882b3b443f23f77de1ea8b
https://git.kernel.org/stable/c/4921b1618045ffab71b1050bf0014df3313a2289
https://git.kernel.org/stable/c/0fe70c15f9435bb3c50954778245d62ee38b0e03
https://git.kernel.org/stable/c/a4a54c54af2516caa9c145015844543cfc84316a
https://git.kernel.org/stable/c/8511293e643a18b248510ae5734e4f360754348c
https://git.kernel.org/stable/c/b27c4577557045f1ab3cdfeabfc7f3cd24aca1fe
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
