#VU90276 Out-of-bounds read in Linux kernel - CVE-2021-47497
Published: May 31, 2024 / Updated: May 14, 2025
Vulnerability identifier: #VU90276
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-47497
CWE-ID: CWE-125
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Software vendor:
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the nvmem_shift_read_buffer_in_place() function in drivers/nvmem/core.c.
Remediation
Install the update from the vendor's website.
External links
- https://git.kernel.org/stable/c/abcb8d33e4d2215ccde5ab5ccf9f730a59d79d97
- https://git.kernel.org/stable/c/60df06bbdf497e37ed25ad40572c362e5b0998df
- https://git.kernel.org/stable/c/2df6c023050205c4d04ffc121bc549f65cb8d1df
- https://git.kernel.org/stable/c/eb0fc8e7170e61eaf65d28dee4a8baf4e86b19ca
- https://git.kernel.org/stable/c/0594f1d048d8dc338eb9a240021b1d00ae1eb082
- https://git.kernel.org/stable/c/57e48886401b14cd351423fabfec2cfd18df4f66
- https://git.kernel.org/stable/c/0e822e5413da1af28cca350cb1cb42b6133bdcae
- https://git.kernel.org/stable/c/5d388fa01fa6eb310ac023a363a6cb216d9d8fe9
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.252
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.213
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.290
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.288
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.75
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.14
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.155