PT-2021-8156 · Linux+3 · Linux Kernel+3
Damien Le Moal · Published 2021-09-29 · Updated 2026-03-14 · CVE-2021-47182
CVSS v2.0: 6.8 Medium
Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The issue is related to the scsi_mode_sense() function in the Linux kernel, which has problems with buffer length handling. Specifically, the allocation length field of the MODE SENSE(10) command is 16 bits, but it is set by assigning len to byte 8 only, thus truncating buffer lengths larger than 255. Additionally, if scsi_mode_sense() is called with len smaller than 8 with sdev->use_10_for_ms set, or smaller than 4 otherwise, the buffer length is increased to 8 and 4 respectively, and the buffer is zero-filled using these increased lengths, thus corrupting the memory following the buffer. The issue can be exploited to execute arbitrary code.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
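The two length-handling errors from the description, as an added example (user-space C written for this page, not kernel code and not taken from the advisory): alloc_len_truncating() reproduces the byte-8-only assignment, and mode_sense_prepare() encodes the 16-bit field big-endian and rejects a too-short len instead of enlarging it. Both function names are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MODE_SENSE_6  0x1a  /* 8-bit allocation length in CDB byte 4 */
#define MODE_SENSE_10 0x5a  /* 16-bit allocation length in CDB bytes 7-8 */

/* Behaviour described above: only byte 8 is written, so the high byte
 * of len is lost. Returns the length the device would decode. */
unsigned alloc_len_truncating(unsigned len)
{
    uint8_t cdb[10] = { MODE_SENSE_10 };
    cdb[8] = (uint8_t)len;
    return ((unsigned)cdb[7] << 8) | cdb[8];
}

/* Hypothetical helper (an assumption, not a kernel function): fills cdb
 * and zeroes buf. Returns the encoded allocation length, or -1 when len
 * is below the mode parameter header size or does not fit the field. */
int mode_sense_prepare(uint8_t cdb[10], uint8_t *buf, size_t len, int use_10)
{
    size_t header = use_10 ? 8 : 4;
    size_t max = use_10 ? 0xffff : 0xff;

    if (len < header || len > max)
        return -1;                    /* reject; never enlarge len */
    memset(cdb, 0, 10);
    if (use_10) {
        cdb[0] = MODE_SENSE_10;
        cdb[7] = (uint8_t)(len >> 8); /* big-endian: high byte first */
        cdb[8] = (uint8_t)(len & 0xff);
    } else {
        cdb[0] = MODE_SENSE_6;
        cdb[4] = (uint8_t)len;
    }
    memset(buf, 0, len);              /* zero only the bytes the caller owns */
    return use_10 ? (cdb[7] << 8 | cdb[8]) : cdb[4];
}

int main(void)
{
    uint8_t cdb[10], buf[512];
    printf("truncating, len=512: device sees %u\n", alloc_len_truncating(512));
    printf("16-bit encode, len=512: %d\n", mode_sense_prepare(cdb, buf, 512, 1));
    printf("len=4 with MODE SENSE(10): %d\n", mode_sense_prepare(cdb, buf, 4, 1));
    return 0;
}
```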
Allocation of Resources Without Limits
Buffer Overflow
Related Identifiers
Affected Products
Debian
Linux Kernel
Red Os
Suse