#VU104729 Input validation error in Linux kernel - CVE-2021-47641
Vulnerability identifier: #VU104729
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the cirrusfb_check_mclk() and cirrusfb_check_pixclock() functions in drivers/video/fbdev/cirrusfb.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/1d3fb46439ad4e8f0c5739eb33d1875ac9e0f135
https://git.kernel.org/stable/c/40b13e3d85744210db13457785646634e2d056bd
https://git.kernel.org/stable/c/45800c42ef000f417270bcfc08630e42486fca99
https://git.kernel.org/stable/c/53a2088a396cfa1da92690a1da289634cd73bf0d
https://git.kernel.org/stable/c/5c6f402bdcf9e7239c6bc7087eda71ac99b31379
https://git.kernel.org/stable/c/6fe23ff94e7840097202e85c148688940b37c9b1
https://git.kernel.org/stable/c/8c7e2141fb89c620ab4e41512e262fbf25b8260d
https://git.kernel.org/stable/c/c656d04247a2654ede5cead2ecbf83431dad5261
https://git.kernel.org/stable/c/e498b504f8c81b07efab9febf8503448de4dc9cf
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
