#VU89257 Buffer overflow in Linux kernel


Published: 2024-05-08

Vulnerability identifier: #VU89257

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47114

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in fs/ocfs2/file.c. A local user can trigger memory corruption and crash the kernel.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/624fa7baa3788dc9e57840ba5b94bc22b03cda57
http://git.kernel.org/stable/c/33e03adafb29eedae1bae9cdb50c1385279fcf65
http://git.kernel.org/stable/c/a1700479524bb9cb5e8ae720236a6fabd003acae
http://git.kernel.org/stable/c/cec4e857ffaa8c447f51cd8ab4e72350077b6770
http://git.kernel.org/stable/c/cc2edb99ea606a45182b5ea38cc8f4e583aa0774
http://git.kernel.org/stable/c/c8d5faee46242c3f33b8a71a4d7d52214785bfcc
http://git.kernel.org/stable/c/0a31dd6fd2f4e7db538fb6eb1f06973d81f8dd3b
http://git.kernel.org/stable/c/6bba4471f0cc1296fe3c2089b9e52442d3074b2e


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

