CVE-2021-47137

HIGH

Linux Kernel 4.20-5.4.123 - Memory Corruption in RX Ring Descriptor

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: net: lantiq: fix memory corruption in RX ring In a situation where memory allocation or dma mapping fails, an invalid address is programmed into the descriptor. This can lead to memory corruption. If the memory allocation fails, DMA should reuse the previous skb and mapping and drop the packet. This patch also increments rx drop counter.

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/8bb1077448d43a871ed667520763e3b9f9b7975d

Patch

https://git.kernel.org/stable/c/5ac72351655f8b033a2935646f53b7465c903418

Patch

https://git.kernel.org/stable/c/46dd4abced3cb2c912916f4a5353e0927db0c4a2

Patch

https://git.kernel.org/stable/c/c7718ee96dbc2f9c5fc3b578abdf296dd44b9c20

Scores

CVSS v3 7.8

EPSS 0.0023

EPSS Percentile 13.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-770

Status published

Products (12)

Linux/Linux < 4.20

Linux/Linux 4.20

Linux/Linux 5.10.42 - 5.10.*

Linux/Linux 5.12.9 - 5.12.*

Linux/Linux 5.13

Linux/Linux 5.4.124 - 5.4.*

Linux/Linux fe1a56420cf2ec28c8eceef672b87de0bbe1a260 - 46dd4abced3cb2c912916f4a5353e0927db0c4a2

Linux/Linux fe1a56420cf2ec28c8eceef672b87de0bbe1a260 - 5ac72351655f8b033a2935646f53b7465c903418

Linux/Linux fe1a56420cf2ec28c8eceef672b87de0bbe1a260 - 8bb1077448d43a871ed667520763e3b9f9b7975d

Linux/Linux fe1a56420cf2ec28c8eceef672b87de0bbe1a260 - c7718ee96dbc2f9c5fc3b578abdf296dd44b9c20

... and 2 more

Published Mar 25, 2024

Tracked Since Feb 18, 2026