First published: Wed Jun 19 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: vduse: fix memory corruption in vduse_dev_ioctl() The "config.offset" comes from the user. There needs to a check to prevent it being out of bounds. The "config.offset" and "dev->config_size" variables are both type u32. So if the offset if out of bounds then the "dev->config_size - config.offset" subtraction results in a very high u32 value. The out of bounds offset can result in memory corruption.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Affected Software | Affected Version | How to fix |
---|---|---|
Linux kernel | >=5.15<5.15.11 | |
Linux kernel | =5.16-rc1 | |
Linux kernel | =5.16-rc2 | |
Linux kernel | =5.16-rc3 | |
Linux kernel | =5.16-rc4 | |
Linux kernel | =5.16-rc5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-47605 is classified as a medium severity vulnerability due to potential memory corruption risks.
To fix CVE-2021-47605, upgrade your Linux kernel to version 5.15.11 or higher, or any of the 5.16 release candidates.
CVE-2021-47605 affects Linux kernel versions from 5.15 to 5.16-rc5.
CVE-2021-47605 is a memory corruption vulnerability in the vduse_dev_ioctl function of the Linux kernel.
Users running vulnerable versions of the Linux kernel that utilize the vduse device may be affected by CVE-2021-47605.