Buffer overflow in Linux kernel ocfs2
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2021-47460 |
| CWE-ID | CWE-119 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Buffer overflow
EUVDB-ID: #VU93141
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47460
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ocfs2_set_inode_data_inline() and ocfs2_convert_inline_data_to_extents() functions in fs/ocfs2/alloc.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 4.9 - 5.15 rc7
CPE2.3- cpe:2.3:o:linux_foundation:linux_kernel:4.9:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.5:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.6:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.7:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.8:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/560edd14de2bf9dbc0129681eeb4d5ef87cc105f
https://git.kernel.org/stable/c/8e6bfb4f70168ddfd32fb6dc028ad52faaf1f32e
https://git.kernel.org/stable/c/a3a089c241cd49b33a8cdd7fcb37cc87a086912a
https://git.kernel.org/stable/c/b05caf023b14cbed9223bb5b48ecc7bffe38f632
https://git.kernel.org/stable/c/f1b98569e81c37d7e0deada7172f8f60860c1360
https://git.kernel.org/stable/c/fa9b6b6c953e3f6441ed6cf83b4c771dac2dae08
https://git.kernel.org/stable/c/5314454ea3ff6fc746eaf71b9a7ceebed52888fa
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.253
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.214
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.288
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.76
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.15
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.156
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
