CVE-2021-47137

net: lantiq: fix memory corruption in RX ring

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

net: lantiq: fix memory corruption in RX ring

In a situation where memory allocation or dma mapping fails, an
invalid address is programmed into the descriptor. This can lead
to memory corruption. If the memory allocation fails, DMA should
reuse the previous skb and mapping and drop the packet. This patch
also increments rx drop counter.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: net: lantiq: corrige la corrupción de la memoria en el anillo RX En una situación en la que falla la asignación de memoria o el mapeo dma, se programa una dirección no válida en el descriptor. Esto puede provocar daños en la memoria. Si la asignación de memoria falla, DMA debería reutilizar el skb y el mapeo anteriores y descartar el paquete. Este parche también incrementa el contador de caídas de rx.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-03-04 CVE Reserved
2024-03-25 CVE Published
2024-03-26 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (5)

URL	Tag	Source
https://git.kernel.org/stable/c/fe1a56420cf2ec28c8eceef672b87de0bbe1a260	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/8bb1077448d43a871ed667520763e3b9f9b7975d	2021-06-03
https://git.kernel.org/stable/c/5ac72351655f8b033a2935646f53b7465c903418	2021-06-03
https://git.kernel.org/stable/c/46dd4abced3cb2c912916f4a5353e0927db0c4a2	2021-06-03
https://git.kernel.org/stable/c/c7718ee96dbc2f9c5fc3b578abdf296dd44b9c20	2021-05-21

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.20 < 5.4.124 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.20 < 5.4.124"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.20 < 5.10.42 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.20 < 5.10.42"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.20 < 5.12.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.20 < 5.12.9"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.20 < 5.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.20 < 5.13"		en		Affected