#VU91173 Off-by-one in Linux kernel - CVE-2021-47373
Vulnerability identifier: #VU91173
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-193
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an off-by-one error within the its_vpe_irq_domain_alloc() function in drivers/irqchip/irq-gic-v3-its.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/7d39992d45acd6f2d6b2f62389c55b61fb3d486b
https://git.kernel.org/stable/c/5701e8bff314c155e7afdc467b1e0389d86853d0
https://git.kernel.org/stable/c/42d3711c23781045e7a5cd28536c774b9a66d20b
https://git.kernel.org/stable/c/568662e37f927e3dc3e475f3ff7cf4ab7719c5e7
https://git.kernel.org/stable/c/e0c1c2e5da19685a20557a50f10c6aa4fa26aa84
https://git.kernel.org/stable/c/280bef512933b2dda01d681d8cbe499b98fc5bdd
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
