PT-2021-8175 · Linux+5 · Linux Kernel+5

James Smart

·

Published

2021-09-14

·

Updated

2024-10-25

·

CVE-2021-47203

CVSS v2.0

6.8

Medium

VectorAV:L/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The issue is related to a list corruption vulnerability in the Linux kernel's lpfc driver. When the driver attempts to pass requests to the adapter and fails, a local fail msg string is set, and a log message is output. The job is then added to a completions list for cancellation. However, since fail msg remains set, subsequent jobs are added to the completions list regardless of whether a wqe was passed to the adapter, resulting in list corruption. The fix involves clearing the fail msg string after adding a job to the completions list. This prevents subsequent jobs from being added to the completions list unless they had an appropriate failure. The vulnerability may allow an attacker to execute arbitrary code.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-787

Related Identifiers

BDU:2024-09225
CESA-2022_1988
CVE-2021-47203
OESA-2024-1567
OESA-2024-1568
OPENSUSE-SU-2024_1641-1
OPENSUSE-SU-2024_1642-1
OPENSUSE-SU-2024_1644-1
OPENSUSE-SU-2024_1659-1
OPENSUSE-SU-2024_1663-1
RHSA-2022:1988
RHSA-2022_1988
SUSE-SU-2024:1641-1
SUSE-SU-2024:1642-1
SUSE-SU-2024:1643-1
SUSE-SU-2024:1644-1
SUSE-SU-2024:1645-1
SUSE-SU-2024:1646-1
SUSE-SU-2024:1647-1
SUSE-SU-2024:1650-1
SUSE-SU-2024:1659-1
SUSE-SU-2024:1663-1
SUSE-SU-2024:1870-1

Affected Products

Astra Linux
Centos
Linux Kernel
Red Hat
Red Os
Suse