PT-2021-8144 · Linux+6 · Linux Kernel+6

Andrea Righi

·

Published

2021-11-29

·

Updated

2024-10-11

·

CVE-2021-47097

CVSS v3.1

7.1

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.13.0-22-generic #22+arighi20211110
Description The vulnerability is related to a stack out-of-bounds access in the elantech change report id() function. The param[] array in elantech change report id() must be at least 3 bytes, but it is defined as an array of 2 bytes, leading to a potential stack out-of-bounds access. This issue is confirmed by KASAN. The vulnerability can be exploited to cause a denial of service.
Recommendations To resolve this issue, update the Linux kernel to a version that includes the fix for the stack out-of-bounds access in elantech change report id(). Specifically, update to a version later than 5.13.0-22-generic #22+arighi20211110.
Note: The provided input descriptions do not include information about the estimated number of potentially affected devices or real-world incidents where this issue was exploited. Therefore, this information is not included in the description.

Fix

DoS

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALSA-2024:7000
ALSA-2024:7001
BDU:2024-08416
CESA-2024_7000
CESA-2024_7001
CVE-2021-47097
INFSA-2024_7000
INFSA-2024_7001
OPENSUSE-SU-2024_1321-1
OPENSUSE-SU-2024_1322-1
OPENSUSE-SU-2024_1322-2
OPENSUSE-SU-2024_1332-1
OPENSUSE-SU-2024_1332-2
OPENSUSE-SU-2024_1466-1
OPENSUSE-SU-2024_1480-1
OPENSUSE-SU-2024_1489-1
OPENSUSE-SU-2024_1490-1
RHSA-2024:7000
RHSA-2024:7001
RHSA-2024_7000
RHSA-2024_7001
RLSA-2024:7001
SUSE-SU-2024:1320-1
SUSE-SU-2024:1321-1
SUSE-SU-2024:1465-1
SUSE-SU-2024:1466-1
SUSE-SU-2024:1480-1
SUSE-SU-2024:1489-1
SUSE-SU-2024:1490-1

Affected Products

Almalinux
Centos
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse