#VU93398 Buffer overflow in Linux kernel


Published: 2024-06-26

Vulnerability identifier: #VU93398

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47509

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the snd_pcm_oss_set_fragment1() function in sound/core/oss/pcm_oss.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://git.kernel.org/stable/c/d1bb703ad050de9095f10b2d3416c32921ac6bcc
http://git.kernel.org/stable/c/b02a41eebcc36d4f07196780f2e165ca2c499257
http://git.kernel.org/stable/c/be55f306396cd62c6889286a7194fd8b53363aeb
http://git.kernel.org/stable/c/2e54cf6794bf82a54aaefc78da13819aea9cd28a
http://git.kernel.org/stable/c/76f19e4cbb548e28547f8c328aa0bfb3a10222d3
http://git.kernel.org/stable/c/ad45babf7886e7a212ee1d5eda9ef49f696db43c
http://git.kernel.org/stable/c/35a3e511032146941085f87dd9fb5b82ea5c00a2
http://git.kernel.org/stable/c/8839c8c0f77ab8fc0463f4ab8b37fca3f70677c2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


SUSE update for the Linux Kernel
openEuler 20.03 LTS SP4 update for kernel
Buffer overflow in Linux kernel core oss