Buffer overflow in Linux kernel proc



Published: 2024-06-25
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2021-47566
CWE-ID CWE-119
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe
Linux kernel
Operating systems & Components / Operating system

Vendor Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Buffer overflow

EUVDB-ID: #VU93289

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47566

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the read_from_oldmem() function in fs/proc/vmcore.c. A local user can escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

CPE2.3
External links

http://git.kernel.org/stable/c/a9e164bd160be8cbee1df70acb379129e3cd2e7c
http://git.kernel.org/stable/c/33a7d698f30fa0b99d50569e9909d3baa65d8f6a
http://git.kernel.org/stable/c/99d348b82bcb36171f24411d3f1a15706a2a937a
http://git.kernel.org/stable/c/9ef384ed300d1bcfb23d0ab0b487d544444d4b52
http://git.kernel.org/stable/c/fd7974c547abfb03072a4ee706d3a6f182266f89
http://git.kernel.org/stable/c/a8a917058faf4abaec9fb614bb6d5f8fe3529ec6
http://git.kernel.org/stable/c/7b3a34f08d11e7f05cd00b8e09adaa15192f0ad1
http://git.kernel.org/stable/c/c1e63117711977cc4295b2ce73de29dd17066c82


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###