#VU90276 Out-of-bounds read in Linux kernel - CVE-2021-47497


Vulnerability identifier: #VU90276

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47497

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the nvmem_shift_read_buffer_in_place() function in drivers/nvmem/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/abcb8d33e4d2215ccde5ab5ccf9f730a59d79d97
https://git.kernel.org/stable/c/60df06bbdf497e37ed25ad40572c362e5b0998df
https://git.kernel.org/stable/c/2df6c023050205c4d04ffc121bc549f65cb8d1df
https://git.kernel.org/stable/c/eb0fc8e7170e61eaf65d28dee4a8baf4e86b19ca
https://git.kernel.org/stable/c/0594f1d048d8dc338eb9a240021b1d00ae1eb082
https://git.kernel.org/stable/c/57e48886401b14cd351423fabfec2cfd18df4f66
https://git.kernel.org/stable/c/0e822e5413da1af28cca350cb1cb42b6133bdcae
https://git.kernel.org/stable/c/5d388fa01fa6eb310ac023a363a6cb216d9d8fe9


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

