CVE-2021-47055

mtd: require write permissions for locking and badblock ioctls

Severity Score

3.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

mtd: require write permissions for locking and badblock ioctls

MEMLOCK, MEMUNLOCK and OTPLOCK modify protection bits. Thus require
write permission. Depending on the hardware MEMLOCK might even be
write-once, e.g. for SPI-NOR flashes with their WP# tied to GND. OTPLOCK
is always write-once.

MEMSETBADBLOCK modifies the bad block table.

En el kernel de Linux se ha solucionado la siguiente vulnerabilidad: mtd: requiere permisos de escritura para bloqueo y badblock ioctls MEMLOCK, MEMUNLOCK y OTPLOCK modifican los bits de protección. Por lo tanto, requiere permiso de escritura. Dependiendo del hardware, MEMLOCK podría incluso ser de escritura única, por ejemplo, para flashes SPI-NOR con su WP# vinculado a GND. OTPLOCK siempre se escribe una vez. MEMSETBADBLOCK modifica la tabla de bloques defectuosos.

A flaw was found in the Linux Kernel, requiring write permissions for locking and badblock ioctls, as they modify protection bits.

*Credits: N/A

CVSS Scores

Red Hatv3.1 3.3

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-29 CVE Reserved
2024-02-29 CVE Published
2024-03-01 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (19)

URL	Tag	Source
https://git.kernel.org/stable/c/1c9f9125892a43901438bf704ada6b7019e2a884	Vuln. Introduced
https://git.kernel.org/stable/c/583d42400532fbd6228b0254d7c732b771e4750d	Vuln. Introduced
https://git.kernel.org/stable/c/389c74c218d3b182e9cd767e98cee0e0fd0dabaa	Vuln. Introduced
https://git.kernel.org/stable/c/ab1a602a9cea98aa37b2e6851b168d2a2633a58d	Vuln. Introduced
https://git.kernel.org/stable/c/9a53e8bd59d9f070505e51d3fd19606a270e6b93	Vuln. Introduced
https://git.kernel.org/stable/c/f7e6b19bc76471ba03725fe58e0c218a3d6266c3	Vuln. Introduced
https://git.kernel.org/stable/c/36a8b2f49235e63ab3f901fe12e1b6732f075c2e	Vuln. Introduced
https://git.kernel.org/stable/c/eb3d82abc335624a5e8ecfb75aba0b684e2dc4db	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/f4d28d8b9b0e7c4ae04214b8d7e0b0466ec6bcaf	2021-05-22
https://git.kernel.org/stable/c/9625b00cac6630479c0ff4b9fafa88bee636e1f0	2021-05-22
https://git.kernel.org/stable/c/f73b29819c6314c0ba8b7d5892dfb03487424bee	2021-05-22
https://git.kernel.org/stable/c/75ed985bd6c8ac1d4e673e93ea9d96c9908c1d37	2021-05-22
https://git.kernel.org/stable/c/5880afefe0cb9b2d5e801816acd58bfe91a96981	2021-05-14
https://git.kernel.org/stable/c/7b6552719c0ccbbea29dde4be141da54fdb5877e	2021-05-14
https://git.kernel.org/stable/c/077259f5e777c3c8821f6b41dee709fcda27306b	2021-05-14
https://git.kernel.org/stable/c/a08799d3e8c8088640956237c183f83463c39668	2021-05-14
https://git.kernel.org/stable/c/1e97743fd180981bef5f01402342bb54bf1c6366	2021-03-28

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2021-47055	2024-06-05
https://bugzilla.redhat.com/show_bug.cgi?id=2267185	2024-06-05

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.4.233 < 4.4.269 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.4.233 < 4.4.269"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.9.233 < 4.9.269 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.9.233 < 4.9.269"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.14.194 < 4.14.233 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.14.194 < 4.14.233"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.19.139 < 4.19.191 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.19.139 < 4.19.191"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4.58 < 5.4.119 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4.58 < 5.4.119"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.9 < 5.10.37 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.9 < 5.10.37"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.9 < 5.11.21 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.9 < 5.11.21"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.9 < 5.12.4 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.9 < 5.12.4"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.9 < 5.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.9 < 5.13"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.7.15 Search vendor "Linux" for product "Linux Kernel" and version "5.7.15"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.8.1 Search vendor "Linux" for product "Linux Kernel" and version "5.8.1"		en		Affected