#VU90302 Out-of-bounds read in Linux kernel - CVE-2021-47393
Vulnerability identifier: #VU90302
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-125
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mlxreg_fan_set_cur_state() function in drivers/hwmon/mlxreg-fan.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/5c6e0bce647d9cb32a17d58ffa669b3421fcc6ca
https://git.kernel.org/stable/c/a6c42ae1530f94724d3c42cf91fe3d3c5e394f8a
https://git.kernel.org/stable/c/76bbb482d33bfcd7e9070ecf594c9ec73e01c930
https://git.kernel.org/stable/c/aa85fb7bde558bb2e364e85976b14b259c8b6fe8
https://git.kernel.org/stable/c/e6fab7af6ba1bc77c78713a83876f60ca7a4a064
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
