PT-2021-4238 · Linux+5 · Linux Kernel+5

Butt3Rflyh4Ck

Published

2021-03-25

Updated

2023-05-17

CVE-2021-3506

CVSS v3.1

7.1

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.12.0-rc4

Description An out-of-bounds memory access flaw was found in the f2fs module of the Linux kernel. This flaw is due to a bounds check failure, allowing a local attacker to access out-of-bounds memory. The exploitation of this issue can lead to a system crash or the leak of internal kernel information, with the highest threat being to system availability.

Recommendations For versions prior to 5.12.0-rc4, update to version 5.12.0-rc4 or later to resolve the issue. As a temporary workaround, consider restricting access to the f2fs module to minimize the risk of exploitation.

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALT-PU-2021-1833

ALT-PU-2021-1888

ALT-PU-2021-1896

ALT-PU-2021-1983

ALT-PU-2021-3481

ALT-PU-2022-1240

ALT-PU-2022-1419

ALT-PU-2022-1421

ALT-PU-2023-1814

AZL-6571

BDU:2021-04844

CVE-2021-3506

DLA-2690-1

MGASA-2021-0214

MGASA-2021-0215

OESA-2021-1176

USN-4997-1

USN-4997-2

USN-5000-1

USN-5000-2

USN-5001-1

USN-5016-1

USN-5339-1

USN-5343-1

Affected Products

Alt Linux

Astra Linux

Linuxmint

Linux Kernel

Red Os

Ubuntu

PT-2021-4238 · Linux+5 · Linux Kernel+5

CVE-2021-3506

Weakness Enumeration

Related Identifiers

Affected Products

References · 149