#VU91081 Out-of-bounds read in Linux kernel - CVE-2021-47478
Vulnerability identifier: #VU91081
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-125
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the isofs_read_inode() function in fs/isofs/inode.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/156ce5bb6cc43a80a743810199defb1dc3f55b7f
https://git.kernel.org/stable/c/9ec33a9b8790c212cc926a88c5e2105f97f3f57e
https://git.kernel.org/stable/c/afbd40f425227e661d991757e11cc4db024e761f
https://git.kernel.org/stable/c/b0ddff8d68f2e43857a84dce54c3deab181c8ae1
https://git.kernel.org/stable/c/6e80e9314f8bb52d9eabe1907698718ff01120f5
https://git.kernel.org/stable/c/86d4aedcbc69c0f84551fb70f953c24e396de2d7
https://git.kernel.org/stable/c/b2fa1f52d22c5455217b294629346ad23a744945
https://git.kernel.org/stable/c/e7fb722586a2936b37bdff096c095c30ca06404d
https://git.kernel.org/stable/c/e96a1866b40570b5950cda8602c2819189c62a48
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
