PT-2021-8192 · Linux+7 · Linux Kernel+7

Published

2021-11-18

Updated

2024-12-19

CVE-2021-47548

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a possible array overflow in the hns dsaf ge srst by port() function. This occurs because the length of dsaf dev->mac cb is DSAF MAX PORT NUM (i.e., 6), but the value of port can be 6 or 7, leading to an array overflow when accessing port rst off = dsaf dev->mac cb[port]->port rst off. The function hns dsaf ge srst by port() is vulnerable due to the lack of proper bounds checking for the port variable. To fix this, the function now checks if the port is greater than or equal to DSAF MAX PORT NUM and returns if true.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Overflow

Memory Corruption

Improper Validation of Array Index

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-787CWE-129

Related Identifiers

ALSA-2024:4583

ALSA-2024:5101

ALSA-2024:5102

BDU:2024-10579

CESA-2024_5101

CESA-2024_5102

CVE-2021-47548

INFSA-2024_4583

INFSA-2024_5101

INFSA-2024_5102

OESA-2024-1692

RHSA-2024:4533

RHSA-2024:4554

RHSA-2024:4583

RHSA-2024:4740

RHSA-2024:4902

RHSA-2024:5101

RHSA-2024:5102

RHSA-2024_4583

RHSA-2024_5101

RHSA-2024_5102

RLSA-2024:4583

RLSA-2024:5101

RLSA-2024:5102

RXSA-2024:5101

SUSE-SU-2024:1979-1

SUSE-SU-2024:1983-1

SUSE-SU-2024:2008-1

SUSE-SU-2024:2019-1

SUSE-SU-2024:2184-1

SUSE-SU-2024:2190-1

Affected Products

Almalinux

Astra Linux

Centos

Linux Kernel

Red Hat

Red Os

Rocky Linux

Suse

PT-2021-8192 · Linux+7 · Linux Kernel+7

CVE-2021-47548

Weakness Enumeration

Related Identifiers

Affected Products

References · 1986