#VU93156 Buffer overflow in Linux kernel


Published: 2024-06-24

Vulnerability identifier: #VU93156

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47203

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the lpfc_drain_txq() function in drivers/scsi/lpfc/lpfc_sli.c. A local user can trigger the memory corruption and perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/ad4776b5eb2e58af1226847fcd3b4f6d051674dd
http://git.kernel.org/stable/c/ec70d80a8642900086447ba0cdc79e3f44d42e8f
http://git.kernel.org/stable/c/f05a0191b90156e539cccc189b9d87ca2a4d9305
http://git.kernel.org/stable/c/b291d147d0268e93ad866f8bc820ea14497abc9b
http://git.kernel.org/stable/c/16bcbfb56d759c25665f786e33ec633b9508a08f
http://git.kernel.org/stable/c/c097bd5a59162156d9c2077a2f58732ffbaa9fca
http://git.kernel.org/stable/c/814d3610c4ce86e8cf285b2cdac0057a42e82de5
http://git.kernel.org/stable/c/99154581b05c8fb22607afb7c3d66c1bace6aa5d


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

