CVE-2021-47605

HIGH

Linux Kernel 5.15-5.15.10 - Out-of-bounds Write in vduse_dev_ioctl

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: vduse: fix memory corruption in vduse_dev_ioctl() The "config.offset" comes from the user. There needs to a check to prevent it being out of bounds. The "config.offset" and "dev->config_size" variables are both type u32. So if the offset if out of bounds then the "dev->config_size - config.offset" subtraction results in a very high u32 value. The out of bounds offset can result in memory corruption.

Scores

CVSS v3 7.8
EPSS 0.0021
EPSS Percentile 11.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-787
Status published
Products (8)
Linux/Linux < 5.15
Linux/Linux 5.15
Linux/Linux 5.15.11 - 5.15.*
Linux/Linux 5.16
Linux/Linux c8a6153b6c59d95c0e091f053f6f180952ade91e - e6c67560b4341914bec32ec536e931c22062af65
Linux/Linux c8a6153b6c59d95c0e091f053f6f180952ade91e - ff9f9c6e74848170fcb45c8403c80d661484c8c9
linux/linux_kernel 5.16 rc1 (5 CPE variants)
linux/linux_kernel 5.15 - 5.15.11
Published Jun 19, 2024
Tracked Since Feb 18, 2026