#VU104914 Incorrect calculation in Linux kernel - CVE-2021-47649

Cybersecurity Help s.r.o.

Published: 2025-02-27 | Updated: 2025-05-11

Vulnerability identifier: #VU104914

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47649

CWE-ID: CWE-682

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the udmabuf_create() function in drivers/dma-buf/udmabuf.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: 5.10, 5.10 rc1, 5.10 rc2, 5.10 rc3, 5.10 rc4, 5.10 rc5, 5.10 rc7, 5.10.1, 5.10.2, 5.10.3, 5.10.4, 5.10.5, 5.10.6, 5.10.7, 5.10.8, 5.10.9, 5.10.10, 5.10.11, 5.10.12, 5.10.13, 5.10.14, 5.10.15, 5.10.16, 5.10.17, 5.10.18, 5.10.19, 5.10.20, 5.10.21, 5.10.22, 5.10.23, 5.10.24, 5.10.25, 5.10.26, 5.10.27, 5.10.28, 5.10.29, 5.10.30, 5.10.31, 5.10.32, 5.10.33, 5.10.34, 5.10.35, 5.10.36, 5.10.37, 5.10.38, 5.10.39, 5.10.40, 5.10.41, 5.10.42, 5.10.43, 5.10.44, 5.10.45, 5.10.46, 5.10.47, 5.10.48, 5.10.49, 5.10.50, 5.10.51, 5.10.52, 5.10.53, 5.10.54, 5.10.55, 5.10.56, 5.10.57, 5.10.58, 5.10.59, 5.10.60, 5.10.61, 5.10.62, 5.10.63, 5.10.64, 5.10.65, 5.10.66, 5.10.67, 5.10.68, 5.10.69, 5.10.70, 5.10.71, 5.10.72, 5.10.73, 5.10.74, 5.10.75, 5.10.76, 5.10.77, 5.10.78, 5.10.79, 5.10.80, 5.10.81, 5.10.82, 5.10.83, 5.10.84, 5.10.85, 5.10.86, 5.10.87, 5.10.88, 5.10.89, 5.10.90, 5.10.91, 5.10.92, 5.10.93, 5.10.94, 5.10.95, 5.10.96, 5.10.97, 5.10.98, 5.10.99, 5.10.100, 5.10.101, 5.10.102, 5.10.103, 5.10.104, 5.10.105, 5.10.106, 5.10.107, 5.10.108, 5.10.109

External links
https://git.kernel.org/stable/c/2b6dd600dd72573c23ea180b5b0b2f1813405882
https://git.kernel.org/stable/c/5d50f851dd307c07ca5591297093f19967c834a9
https://git.kernel.org/stable/c/811b667cefbea9cb7511a874b169d6a92907137e
https://git.kernel.org/stable/c/9e9b4a269f84d3230f2af84ff42322db676440d9
https://git.kernel.org/stable/c/a3728d32fc61eb0fe283cb8ff60b2c8f751e2202
https://git.kernel.org/stable/c/b267a8118c2b171bf7d67b90ed64154eeab9fae0
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.110

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for the Linux Kernel

Incorrect calculation in Linux kernel dma-buf driver