Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2021-47566 |
CWE-ID | CWE-119 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software | Linux kernel (Operating systems & Components / Operating system) |
Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU93289
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47566
CWE-ID: CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the read_from_oldmem() function in fs/proc/vmcore.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
CPE2.3
http://git.kernel.org/stable/c/a9e164bd160be8cbee1df70acb379129e3cd2e7c
http://git.kernel.org/stable/c/33a7d698f30fa0b99d50569e9909d3baa65d8f6a
http://git.kernel.org/stable/c/99d348b82bcb36171f24411d3f1a15706a2a937a
http://git.kernel.org/stable/c/9ef384ed300d1bcfb23d0ab0b487d544444d4b52
http://git.kernel.org/stable/c/fd7974c547abfb03072a4ee706d3a6f182266f89
http://git.kernel.org/stable/c/a8a917058faf4abaec9fb614bb6d5f8fe3529ec6
http://git.kernel.org/stable/c/7b3a34f08d11e7f05cd00b8e09adaa15192f0ad1
http://git.kernel.org/stable/c/c1e63117711977cc4295b2ce73de29dd17066c82
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.