#VU104542 Out-of-bounds read in Linux kernel - CVE-2021-47636

Cybersecurity Help s.r.o.

Published: 2025-02-26

Vulnerability identifier: #VU104542

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47636

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ubifs_wbuf_write_nolock() function in fs/ubifs/io.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/07a209fadee7b53b46858538e1177597273862e4
https://git.kernel.org/stable/c/3b7fb89135a20587d57f8877c02e25003e9edbdf
https://git.kernel.org/stable/c/4f2262a334641e05f645364d5ade1f565c85f20b
https://git.kernel.org/stable/c/5343575aa11c5d7044107d59d43f84aec01312b0
https://git.kernel.org/stable/c/a7054aaf1909cf40489c0ec1b728fdcf79c751a6
https://git.kernel.org/stable/c/b80ccbec0e4804436c382d7dd60e943c386ed83a
https://git.kernel.org/stable/c/e09fa5318d51f522e1af4fbaf8f74999355980c8

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for the Linux Kernel

Out-of-bounds read in Linux kernel ubifs