Information disclosure in Linux kernel

#VU91407 Information disclosure in Linux kernel

Published: 2024-06-08

Vulnerability identifier: #VU91407

Vulnerability risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47051

CWE-ID: CWE-200

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the lpspi_prepare_xfer_hardware() function in drivers/spi/spi-fsl-lpspi.c. A local user can gain access to sensitive information.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://git.kernel.org/stable/c/4a01ad002d2e03c399af536562693752af7c81b1
http://git.kernel.org/stable/c/ce02e58ddf8658a4c3bed2296f32a5873b3f7cce
http://git.kernel.org/stable/c/b8207bfc539cd07d15e753ff2d179c5b61c673b1
http://git.kernel.org/stable/c/6a2b5cee0d31ab6cc51030c441135b0e31217282
http://git.kernel.org/stable/c/a03675497970a93fcf25d81d9d92a59c2d7377a7

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for the Linux Kernel

Information disclosure in Linux kernel spi driver