Out-of-bounds read in Linux kernel isofs
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2021-47478 |
| CWE-ID | CWE-125 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Out-of-bounds read
EUVDB-ID: #VU91081
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47478
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the isofs_read_inode() function in fs/isofs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 4.4 - 5.16 rc8
CPE2.3- cpe:2.3:o:linux_foundation:linux_kernel:4.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.0-57:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.5:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.6:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.7:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/156ce5bb6cc43a80a743810199defb1dc3f55b7f
https://git.kernel.org/stable/c/9ec33a9b8790c212cc926a88c5e2105f97f3f57e
https://git.kernel.org/stable/c/afbd40f425227e661d991757e11cc4db024e761f
https://git.kernel.org/stable/c/b0ddff8d68f2e43857a84dce54c3deab181c8ae1
https://git.kernel.org/stable/c/6e80e9314f8bb52d9eabe1907698718ff01120f5
https://git.kernel.org/stable/c/86d4aedcbc69c0f84551fb70f953c24e396de2d7
https://git.kernel.org/stable/c/b2fa1f52d22c5455217b294629346ad23a744945
https://git.kernel.org/stable/c/e7fb722586a2936b37bdff096c095c30ca06404d
https://git.kernel.org/stable/c/e96a1866b40570b5950cda8602c2819189c62a48
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.255
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.217
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.292
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.290
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.79
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.18
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.2
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.159
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
