CVE-2021-47548

ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port()

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() The if statement: if (port >= DSAF_GE_NUM) return; limits the value of port less than DSAF_GE_NUM (i.e., 8).
However, if the value of port is 6 or 7, an array overflow could occur: port_rst_off = dsaf_dev->mac_cb[port]->port_rst_off; because the length of dsaf_dev->mac_cb is DSAF_MAX_PORT_NUM (i.e., 6). To fix this possible array overflow, we first check port and if it is
greater than or equal to DSAF_MAX_PORT_NUM, the function returns.

En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: ethernet: hisilicon: hns: hns_dsaf_misc: corrige un posible desbordamiento de matriz en hns_dsaf_ge_srst_by_port() La sentencia if: if (port >= DSAF_GE_NUM) return; limita el valor del puerto a menos de DSAF_GE_NUM (es decir, 8). Sin embargo, si el valor del puerto es 6 o 7, podría producirse un desbordamiento de la matriz: port_rst_off = dsaf_dev->mac_cb[port]->port_rst_off; porque la longitud de dsaf_dev->mac_cb es DSAF_MAX_PORT_NUM (es decir, 6). Para solucionar este posible desbordamiento de la matriz, primero verificamos el puerto y si es mayor o igual a DSAF_MAX_PORT_NUM, la función regresa.

In the Linux kernel, the following vulnerability has been resolved: ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() The if statement: if (port >= DSAF_GE_NUM) return; limits the value of port less than DSAF_GE_NUM (i.e., 8). However, if the value of port is 6 or 7, an array overflow could occur: port_rst_off = dsaf_dev->mac_cb[port]->port_rst_off; because the length of dsaf_dev->mac_cb is DSAF_MAX_PORT_NUM (i.e., 6). To fix this possible array overflow, we first check port and if it is greater than or equal to DSAF_MAX_PORT_NUM, the function returns.

An update for kernel is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include double free and null pointer vulnerabilities.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

Multiple

Confidentiality

Partial

Integrity

Partial

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

None

Automatable

Yes

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2024-05-24 CVE Reserved
2024-05-24 CVE Published
2024-12-19 CVE Updated
2025-03-20 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-129: Improper Validation of Array Index

CAPEC

References (9)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/948968f8747650447c8f21c9fdba0e1973be040b	2021-12-08
https://git.kernel.org/stable/c/abbd5faa0748d0aa95d5191d56ff7a17a6275bd1	2021-12-08
https://git.kernel.org/stable/c/dd07f8971b81ad98cc754b179b331b57f35aa1ff	2021-12-08
https://git.kernel.org/stable/c/99bb25cb6753beaf2c2bc37927c2ecc0ceff3f6d	2021-12-08
https://git.kernel.org/stable/c/22519eff7df2d88adcc2568d86046ce1e2b52803	2021-12-08
https://git.kernel.org/stable/c/fc7ffa7f10b9454a86369405d9814bf141b30627	2021-12-08
https://git.kernel.org/stable/c/a66998e0fbf213d47d02813b9679426129d0d114	2021-11-18

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2021-47548	2024-08-08
https://bugzilla.redhat.com/show_bug.cgi?id=2283401	2024-08-08

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.9.292 Search vendor "Linux" for product "Linux Kernel" and version " < 4.9.292"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.14.257 Search vendor "Linux" for product "Linux Kernel" and version " < 4.14.257"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.19.220 Search vendor "Linux" for product "Linux Kernel" and version " < 4.19.220"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.4.164 Search vendor "Linux" for product "Linux Kernel" and version " < 5.4.164"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.10.84 Search vendor "Linux" for product "Linux Kernel" and version " < 5.10.84"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.15.7 Search vendor "Linux" for product "Linux Kernel" and version " < 5.15.7"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.16 Search vendor "Linux" for product "Linux Kernel" and version " < 5.16"		en		Affected