#VU92191 Out-of-bounds write in Linux kernel - CVE-2021-46974


Vulnerability identifier: #VU92191

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-46974

CWE-ID: CWE-787

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to improper handling of masking negation logic upon a negative destination register. A local user can cause a denial of service by exploiting this flaw.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Linux kernel: before 4.14.233, 4.19.190, 5.4.117, 5.10.35, 5.11.19, 5.12.2, 4.14.233, 4.14.233, 4.14.233

External links
https://git.kernel.org/stable/c/4d542ddb88fb2f39bf7f14caa2902f3e8d06f6ba
https://git.kernel.org/stable/c/0e2dfdc74a7f4036127356d42ea59388f153f42c
https://git.kernel.org/stable/c/53e0db429b37a32b8fc706d0d90eb4583ad13848
https://git.kernel.org/stable/c/2cfa537674cd1051a3b8111536d77d0558f33d5d
https://git.kernel.org/stable/c/6eba92a4d4be8feb4dc33976abac544fa99d6ecc
https://git.kernel.org/stable/c/7cf64d8679ca1cb20cf57d6a88bfee79a0922a66
https://git.kernel.org/stable/c/b9b34ddbe2076ade359cd5ce7537d5ed019e9807

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Dell Storage Resource Manager (SRM) and Dell Storage Monitoring and Reporting (SMR)
Multiple vulnerabilities in Dell Cloud Tiering Appliance
Multiple vulnerabilities in Dell Secure Connect Gateway