PT-2024-11145 · Linux+6 · Linux Kernel+6

Michael Walle

Published

2021-03-28

Updated

2025-01-09

CVE-2021-47055

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue concerns the requirement of write permissions for locking and badblock ioctls in the Linux kernel. Specifically, MEMLOCK, MEMUNLOCK, and OTPLOCK modify protection bits and thus require write permission. Depending on the hardware, MEMLOCK might even be write-once, for example, for SPI-NOR flashes with their WP# tied to GND. OTPLOCK is always write-once. MEMSETBADBLOCK modifies the bad block table.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Locking

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-667

Related Identifiers

ALSA-2024:3618

ALSA-2024:3627

BDU:2025-07263

CESA-2024_3618

CESA-2024_3627

CVE-2021-47055

INFSA-2024_3618

INFSA-2024_3627

OPENSUSE-SU-2024_1489-1

RHSA-2024:3618

RHSA-2024:3627

RHSA-2024_3618

RHSA-2024_3627

RLSA-2024:3618

RLSA-2024:3627

SUSE-SU-2024:1454-1

SUSE-SU-2024:1465-1

SUSE-SU-2024:1489-1

SUSE-SU-2024:1643-1

SUSE-SU-2024:1646-1

SUSE-SU-2024:1870-1

USN-7148-1

Affected Products

Almalinux

Centos

Linux Kernel

Red Hat

Rocky Linux

Suse

Ubuntu

PT-2024-11145 · Linux+6 · Linux Kernel+6

CVE-2021-47055

Weakness Enumeration

Related Identifiers

Affected Products

References · 850