CVE-2021-47148

Published: Mar 25, 2024Modified: Dec 12, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: fix a buffer overflow in otx2_set_rxfh_context() This function is called from ethtool_set_rxfh() and "*rss_context" comes from the user. Add some bounds checking to prevent memory corruption.

Affected (4)

Products: Linux: Linux Kernel

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 5.12 to 5.12.9
Linux Linux Kernel	Version 5.13 rc1
Linux Linux Kernel	Version 5.13 rc2
Linux Linux Kernel	Version 5.13 rc3

Related CWEs

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (4)

https://git.kernel.org/stable/c/389146bc6d2bbb20714d06624b74856320ce40f7

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/e5cc361e21648b75f935f9571d4003aaee480214

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/389146bc6d2bbb20714d06624b74856320ce40f7

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://git.kernel.org/stable/c/e5cc361e21648b75f935f9571d4003aaee480214

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

Timeline

No history available yet.