CVE-2021-47605
HIGHLinux Kernel 5.15-5.15.10 - Out-of-bounds Write in vduse_dev_ioctl
Title source: llmDescription
In the Linux kernel, the following vulnerability has been resolved: vduse: fix memory corruption in vduse_dev_ioctl() The "config.offset" comes from the user. There needs to a check to prevent it being out of bounds. The "config.offset" and "dev->config_size" variables are both type u32. So if the offset if out of bounds then the "dev->config_size - config.offset" subtraction results in a very high u32 value. The out of bounds offset can result in memory corruption.
References (2)
Core 2
Scores
CVSS v3
7.8
EPSS
0.0021
EPSS Percentile
11.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-787
Status
published
Products (8)
Linux/Linux
< 5.15
Linux/Linux
5.15
Linux/Linux
5.15.11 - 5.15.*
Linux/Linux
5.16
Linux/Linux
c8a6153b6c59d95c0e091f053f6f180952ade91e - e6c67560b4341914bec32ec536e931c22062af65
Linux/Linux
c8a6153b6c59d95c0e091f053f6f180952ade91e - ff9f9c6e74848170fcb45c8403c80d661484c8c9
linux/linux_kernel
5.16 rc1 (5 CPE variants)
linux/linux_kernel
5.15 - 5.15.11
Published
Jun 19, 2024
Tracked Since
Feb 18, 2026