PT-2021-1513 · Linux+5 · Linux Kernel+5

Syzbot

·

Published

2021-03-14

·

Updated

2023-05-17

·

CVE-2021-29647

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.11.11
Description An issue in the Linux kernel allows attackers to obtain sensitive information from kernel memory due to a partially uninitialized data structure in the qrtr recvmsg function. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Recommendations For Linux kernel versions prior to 5.11.11, update to version 5.11.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the qrtr recvmsg function in net/qrtr/qrtr.c to minimize the risk of exploitation.

Fix

Information Disclosure

Improper Initialization

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-909CWE-200CWE-665

Related Identifiers

ALT-PU-2021-1582
ALT-PU-2021-1609
ALT-PU-2021-1869
ALT-PU-2021-1888
ALT-PU-2021-1896
ALT-PU-2022-1240
ALT-PU-2022-1419
ALT-PU-2022-1421
ALT-PU-2023-1814
ASB-A-184622099
AZL-6550
BDU:2021-02101
CVE-2021-29647
DLA-2689-1
DLA-2690-1
OESA-2021-1176
OPENSUSE-SU-2021:0532-1
OPENSUSE-SU-2021:0758-1
OPENSUSE-SU-2021:1975-1
OPENSUSE-SU-2021:1977-1
OPENSUSE-SU-2021_0532-1
OPENSUSE-SU-2021_0758-1
OPENSUSE-SU-2021_1975-1
OPENSUSE-SU-2021_1977-1
SUSE-SU-2021:1175-1
SUSE-SU-2021:1176-1
SUSE-SU-2021:1177-1
SUSE-SU-2021:1210-1
SUSE-SU-2021:1211-1
SUSE-SU-2021:1238-1
SUSE-SU-2021:1573-1
SUSE-SU-2021:1596-1
SUSE-SU-2021:1624-1
SUSE-SU-2021:1625-1
SUSE-SU-2021:1975-1
SUSE-SU-2021:1977-1
USN-4948-1
USN-4979-1
USN-4982-1
USN-4984-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Suse
Ubuntu