CVE-2021-47137
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
25/03/2024
Last modified:
19/03/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
net: lantiq: fix memory corruption in RX ring<br />
<br />
In a situation where memory allocation or dma mapping fails, an<br />
invalid address is programmed into the descriptor. This can lead<br />
to memory corruption. If the memory allocation fails, DMA should<br />
reuse the previous skb and mapping and drop the packet. This patch<br />
also increments rx drop counter.
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.20 (including) | 5.4.124 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.10.42 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.12.9 (excluding) |
| cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:5.13:rc3:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/46dd4abced3cb2c912916f4a5353e0927db0c4a2
- https://git.kernel.org/stable/c/5ac72351655f8b033a2935646f53b7465c903418
- https://git.kernel.org/stable/c/8bb1077448d43a871ed667520763e3b9f9b7975d
- https://git.kernel.org/stable/c/c7718ee96dbc2f9c5fc3b578abdf296dd44b9c20
- https://git.kernel.org/stable/c/46dd4abced3cb2c912916f4a5353e0927db0c4a2
- https://git.kernel.org/stable/c/5ac72351655f8b033a2935646f53b7465c903418
- https://git.kernel.org/stable/c/8bb1077448d43a871ed667520763e3b9f9b7975d
- https://git.kernel.org/stable/c/c7718ee96dbc2f9c5fc3b578abdf296dd44b9c20