SB2024062592 - Buffer overflow in Linux kernel firmware driver
Published: June 25, 2024 Updated: May 13, 2025
Security Bulletin ID
SB2024062592
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Buffer overflow (CVE-ID: CVE-2021-47609)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the scpi_pm_domain_probe() function in drivers/firmware/scpi_pm_domain.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/639901b9429a3195e0fead981ed74b51f5f31538
- https://git.kernel.org/stable/c/4694b1ec425a2d20d6f8ca3db594829fdf5f2672
- https://git.kernel.org/stable/c/7e8645ca2c0046f7cd2f0f7d569fc036c8abaedb
- https://git.kernel.org/stable/c/802a1a8501563714a5fe8824f4ed27fec04a0719
- https://git.kernel.org/stable/c/f0f484714f35d24ffa0ecb4afe3df1c5b225411d
- https://git.kernel.org/stable/c/976389cbb16cee46847e5d06250a3a0b5506781e
- https://git.kernel.org/stable/c/865ed67ab955428b9aa771d8b4f1e4fb7fd08945
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.259
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.222
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.294
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.88
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.11
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.168