SB2024062572 - Buffer overflow in Linux kernel proc
Published: June 25, 2024 Updated: May 13, 2025
Security Bulletin ID
SB2024062572
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Buffer overflow (CVE-ID: CVE-2021-47566)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the read_from_oldmem() function in fs/proc/vmcore.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/a9e164bd160be8cbee1df70acb379129e3cd2e7c
- https://git.kernel.org/stable/c/33a7d698f30fa0b99d50569e9909d3baa65d8f6a
- https://git.kernel.org/stable/c/99d348b82bcb36171f24411d3f1a15706a2a937a
- https://git.kernel.org/stable/c/9ef384ed300d1bcfb23d0ab0b487d544444d4b52
- https://git.kernel.org/stable/c/fd7974c547abfb03072a4ee706d3a6f182266f89
- https://git.kernel.org/stable/c/a8a917058faf4abaec9fb614bb6d5f8fe3529ec6
- https://git.kernel.org/stable/c/7b3a34f08d11e7f05cd00b8e09adaa15192f0ad1
- https://git.kernel.org/stable/c/c1e63117711977cc4295b2ce73de29dd17066c82
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.257
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.219
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.294
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.292
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.83
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.6
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.163