CVE-2021-47547

net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound

Severity Score

4.4

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound

In line 5001, if all id in the array 'lp->phy[8]' is not 0, when the
'for' end, the 'k' is 8.

At this time, the array 'lp->phy[8]' may be out of bound.

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: tulip: de4x5: soluciona el problema de que la matriz 'lp->phy[8]' puede estar fuera de límites En la línea 5001, si todos los ID de la matriz 'lp ->phy[8]' no es 0, cuando termina 'for', 'k' es 8. En este momento, la matriz 'lp->phy[8]' puede estar fuera de límite.

*Credits: N/A

CVSS Scores

CISAv3.1 4.4

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

Low

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-24 CVE Reserved
2024-05-24 CVE Published
2024-05-25 EPSS Updated
2024-11-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (8)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/ec5bd0aef1cec96830d0c7e06d3597d9e786cc98	2021-12-08
https://git.kernel.org/stable/c/142ead3dc70411bd5977e8c47a6d8bf22287b3f8	2021-12-08
https://git.kernel.org/stable/c/d3dedaa5a601107cfedda087209772c76e364d58	2021-12-08
https://git.kernel.org/stable/c/2c1a6a9a011d622a7c61324a97a49801ba425eff	2021-12-08
https://git.kernel.org/stable/c/77ff166909458646e66450e42909e0adacc99049	2021-12-08
https://git.kernel.org/stable/c/f059fa40f0fcc6bc7a12e0f2a2504e9a4ff74f1f	2021-12-08
https://git.kernel.org/stable/c/12f907cb11576b8cd0b1d95a16d1f10ed5bb7237	2021-12-08
https://git.kernel.org/stable/c/61217be886b5f7402843677e4be7e7e83de9cb41	2021-11-18

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.4.294 Search vendor "Linux" for product "Linux Kernel" and version " < 4.4.294"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.9.292 Search vendor "Linux" for product "Linux Kernel" and version " < 4.9.292"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.14.257 Search vendor "Linux" for product "Linux Kernel" and version " < 4.14.257"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.19.220 Search vendor "Linux" for product "Linux Kernel" and version " < 4.19.220"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.4.164 Search vendor "Linux" for product "Linux Kernel" and version " < 5.4.164"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.10.84 Search vendor "Linux" for product "Linux Kernel" and version " < 5.10.84"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.15.7 Search vendor "Linux" for product "Linux Kernel" and version " < 5.15.7"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.16 Search vendor "Linux" for product "Linux Kernel" and version " < 5.16"		en		Affected