Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2021-47277 |
CWE-ID | CWE-125 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software | Linux kernel (Operating systems & Components / Operating system) |
Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU90296
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47277
CWE-ID: CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error in include/linux/kvm_host.h. A local user can perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel: 4.4 - 5.13 rc5
CPE2.3
https://git.kernel.org/stable/c/3098b86390a6b9ea52657689f08410baf130ceff
https://git.kernel.org/stable/c/740621309b25bbf619b8a0ba5fd50a8e58989441
https://git.kernel.org/stable/c/361ce3b917aff93123e9e966d8608655c967f438
https://git.kernel.org/stable/c/22b87fb17a28d37331bb9c1110737627b17f6781
https://git.kernel.org/stable/c/bff1fbf0cf0712686f1df59a83fba6e31d2746a0
https://git.kernel.org/stable/c/7af299b97734c7e7f465b42a2139ce4d77246975
https://git.kernel.org/stable/c/ed0e2a893092c7fcb4ff7ba74e5efce53a6f5940
https://git.kernel.org/stable/c/da27a83fd6cc7780fea190e1f5c19e87019da65c
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.237
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.195
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.273
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.273
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.44
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.11
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.126
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.