SB2024062523 - Buffer overflow in Linux kernel ethtool
Published: June 25, 2024 Updated: May 13, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Buffer overflow (CVE-ID: CVE-2021-47241)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the strset_reply_size() function in net/ethtool/strset.c.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/fb3a948143688e14e2cfd2a2812877923d0e5e92
- https://git.kernel.org/stable/c/cfc7f0e70d649e6d2233fba0d9390b525677d971
- https://git.kernel.org/stable/c/e175aef902697826d344ce3a12189329848fe898
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.46
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.13
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13