#VU91325 Information disclosure in Linux kernel


Published: 2024-06-08

Vulnerability identifier: #VU91325

Vulnerability risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47538

CWE-ID: CWE-200

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the rxrpc_create_peer(), rxrpc_lookup_peer(), __rxrpc_put_peer() and rxrpc_put_peer_locked() functions in net/rxrpc/peer_object.c. A local user can gain access to sensitive information.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://git.kernel.org/stable/c/913c24af2d13a3fd304462916ee98e298d56bdce
http://git.kernel.org/stable/c/3e70e3a72d80b16094faccbe438cd53761c3503a
http://git.kernel.org/stable/c/60f0b9c42cb80833a03ca57c1c8b078d716e71d1
http://git.kernel.org/stable/c/9469273e616ca8f1b6e3773c5019f21b4c8d828c
http://git.kernel.org/stable/c/beacff50edbd6c9659a6f15fc7f6126909fade29

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
openEuler 20.03 LTS SP4 update for kernel
Information disclosure in Linux kernel rxrpc