#VU91090 Out-of-bounds read in Linux kernel - CVE-2021-47308


Vulnerability identifier: #VU91090

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47308

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read in the fc_rport_prli_resp() function in drivers/scsi/libfc/fc_rport.c. A local user can trigger it to perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/44651522941c623e20882b3b443f23f77de1ea8b
https://git.kernel.org/stable/c/4921b1618045ffab71b1050bf0014df3313a2289
https://git.kernel.org/stable/c/0fe70c15f9435bb3c50954778245d62ee38b0e03
https://git.kernel.org/stable/c/a4a54c54af2516caa9c145015844543cfc84316a
https://git.kernel.org/stable/c/8511293e643a18b248510ae5734e4f360754348c
https://git.kernel.org/stable/c/b27c4577557045f1ab3cdfeabfc7f3cd24aca1fe


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

