medium
5.5
CWE
667
Advisory Published
Updated

CVE-2021-47055: mtd: require write permissions for locking and badblock ioctls

First published: Thu Feb 29 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: mtd: require write permissions for locking and badblock ioctls MEMLOCK, MEMUNLOCK and OTPLOCK modify protection bits. Thus require write permission. Depending on the hardware MEMLOCK might even be write-once, e.g. for SPI-NOR flashes with their WP# tied to GND. OTPLOCK is always write-once. MEMSETBADBLOCK modifies the bad block table.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected SoftwareAffected VersionHow to fix
redhat/kernel<4.4.269
4.4.269
redhat/kernel<4.9.269
4.9.269
redhat/kernel<4.14.233
4.14.233
redhat/kernel<4.19.191
4.19.191
redhat/kernel<5.4.119
5.4.119
redhat/kernel<5.10.37
5.10.37
redhat/kernel<5.11.21
5.11.21
redhat/kernel<5.12.4
5.12.4
redhat/kernel<5.13
5.13
Linux Kernel>=4.4.233<4.4.269
Linux Kernel>=4.9.233<4.9.269
Linux Kernel>=4.14.194<4.14.233
Linux Kernel>=4.19.139<4.19.191
Linux Kernel>=5.4.58<5.4.119
Linux Kernel>=5.9<5.10.37
Linux Kernel>=5.11<5.11.21
Linux Kernel>=5.12<5.12.4
debian/linux
5.10.223-1
5.10.226-1
6.1.123-1
6.1.128-1
6.12.12-1
6.12.15-1

Remedy

https://git.kernel.org/stable/c/077259f5e777c3c8821f6b41dee709fcda27306b

Remedy

https://git.kernel.org/stable/c/1e97743fd180981bef5f01402342bb54bf1c6366

Remedy

https://git.kernel.org/stable/c/5880afefe0cb9b2d5e801816acd58bfe91a96981

Remedy

https://git.kernel.org/stable/c/75ed985bd6c8ac1d4e673e93ea9d96c9908c1d37

Remedy

https://git.kernel.org/stable/c/7b6552719c0ccbbea29dde4be141da54fdb5877e

Remedy

https://git.kernel.org/stable/c/9625b00cac6630479c0ff4b9fafa88bee636e1f0

Remedy

https://git.kernel.org/stable/c/a08799d3e8c8088640956237c183f83463c39668

Remedy

https://git.kernel.org/stable/c/f4d28d8b9b0e7c4ae04214b8d7e0b0466ec6bcaf

Remedy

https://git.kernel.org/stable/c/f73b29819c6314c0ba8b7d5892dfb03487424bee

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2021-47055?

    CVE-2021-47055 has a medium severity due to improper permission checks in the Linux kernel.

  • How do I fix CVE-2021-47055?

    To fix CVE-2021-47055, you should update your Linux kernel to the specified patched versions such as 4.4.269, 4.9.269, 4.14.233, or others listed in the advisory.

  • Which Linux kernel versions are affected by CVE-2021-47055?

    CVE-2021-47055 affects multiple Linux kernel versions prior to the patched versions including 4.4.269, 4.9.269, 4.14.233, and later.

  • Is CVE-2021-47055 specific to any distribution of Linux?

    CVE-2021-47055 is applicable to various distributions of Linux that use the affected kernel versions such as Red Hat and Debian.

  • What are the consequences of not addressing CVE-2021-47055?

    Failing to address CVE-2021-47055 may lead to unauthorized write access to critical parts of the memory, compromising system integrity.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203