CVE-2021-47039

HIGH

Linux Kernel 5.11-5.11.20 - Out-of-bounds Read in ataflop do_format()

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: ataflop: potential out of bounds in do_format() The function uses "type" as an array index: q = unit[drive].disk[type]->queue; Unfortunately the bounds check on "type" isn't done until later in the function. Fix this by moving the bounds check to the start.

Scores

CVSS v3 7.1
EPSS 0.0024
EPSS Percentile 15.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-125
Status published
Products (9)
Linux/Linux < 5.11
Linux/Linux 5.11
Linux/Linux 5.11.21 - 5.11.*
Linux/Linux 5.12.4 - 5.12.*
Linux/Linux 5.13
Linux/Linux bf9c0538e485b591a2ee02d9adb8a99db4be5a2a - 07f86aa8f4fe077be1b018cc177eb8c6573e5671
Linux/Linux bf9c0538e485b591a2ee02d9adb8a99db4be5a2a - 1ffec389a6431782a8a28805830b6fae9bf00af1
Linux/Linux bf9c0538e485b591a2ee02d9adb8a99db4be5a2a - 2a3a8bbca28b899806844c00d49ed1b7ccb50957
linux/linux_kernel 5.11 - 5.11.21
Published Feb 28, 2024
Tracked Since Feb 18, 2026