Vulnerability identifier: #VU93139
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID: CWE-119
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the xhci_handle_stopped_cmd_ring() function in drivers/usb/host/xhci-ring.c, which a local user can trigger to cause a denial of service.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/22bcb65ea41072ab5d03c0c6290e04e0df6d09a0
https://git.kernel.org/stable/c/62c182b5e763e5f4062e72678e72ce3e02dd4d1b
https://git.kernel.org/stable/c/01c2dcb67e71c351006dd17cbba86c26b7f61eaf
https://git.kernel.org/stable/c/dec944bb7079b37968cf69c8a438f91f15c4cc61
https://git.kernel.org/stable/c/e54abefe703ab7c4e5983e889babd1447738ca42
https://git.kernel.org/stable/c/ff0e50d3564f33b7f4b35cadeabd951d66cfc570
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.