#VU90962 Improper error handling in Linux kernel - CVE-2021-46943

Cybersecurity Help s.r.o.

Published: 2024-06-03

Vulnerability identifier: #VU90962

Vulnerability risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-46943

CWE-ID: CWE-388

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to improper error handling within the imgu_fmt() function in drivers/staging/media/ipu3/ipu3-v4l2.c. A local user can execute arbitrary code.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/a03fb1e8a110658215a4cefc3e2ad53279e496a6
https://git.kernel.org/stable/c/c6b81b897f6f9445d57f8d47c4e060ec21556137
https://git.kernel.org/stable/c/34892ea938387d83ffcfb7775ec55f0f80767916
https://git.kernel.org/stable/c/6fb617e37a39db0a3eca4489431359d0bdf3b9bc
https://git.kernel.org/stable/c/ad91849996f9dd79741a961fd03585a683b08356

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for the Linux Kernel

Improper error handling in Linux kernel media ipu3 driver