#VU93141 Buffer overflow in Linux kernel - CVE-2021-47460

Vulnerability identifier: #VU93141

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47460

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the ocfs2_set_inode_data_inline() and ocfs2_convert_inline_data_to_extents() functions in fs/ocfs2/alloc.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/560edd14de2bf9dbc0129681eeb4d5ef87cc105f
https://git.kernel.org/stable/c/8e6bfb4f70168ddfd32fb6dc028ad52faaf1f32e
https://git.kernel.org/stable/c/a3a089c241cd49b33a8cdd7fcb37cc87a086912a
https://git.kernel.org/stable/c/b05caf023b14cbed9223bb5b48ecc7bffe38f632
https://git.kernel.org/stable/c/f1b98569e81c37d7e0deada7172f8f60860c1360
https://git.kernel.org/stable/c/fa9b6b6c953e3f6441ed6cf83b4c771dac2dae08
https://git.kernel.org/stable/c/5314454ea3ff6fc746eaf71b9a7ceebed52888fa

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.