#VU93156 Buffer overflow in Linux kernel - CVE-2021-47203

Vulnerability identifier: #VU93156

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47203

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the lpfc_drain_txq() function in drivers/scsi/lpfc/lpfc_sli.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/ad4776b5eb2e58af1226847fcd3b4f6d051674dd
https://git.kernel.org/stable/c/ec70d80a8642900086447ba0cdc79e3f44d42e8f
https://git.kernel.org/stable/c/f05a0191b90156e539cccc189b9d87ca2a4d9305
https://git.kernel.org/stable/c/b291d147d0268e93ad866f8bc820ea14497abc9b
https://git.kernel.org/stable/c/16bcbfb56d759c25665f786e33ec633b9508a08f
https://git.kernel.org/stable/c/c097bd5a59162156d9c2077a2f58732ffbaa9fca
https://git.kernel.org/stable/c/814d3610c4ce86e8cf285b2cdac0057a42e82de5
https://git.kernel.org/stable/c/99154581b05c8fb22607afb7c3d66c1bace6aa5d

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.