PT-2024-11338 · Linux+1 · Linux Kernel+1

Published: 2021-06-14 · Updated: 2026-03-14 · CVE-2021-47339

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The issue is related to the compat ioctl implementation in the Linux kernel, where mistakes can lead to uninitialized kernel stack data being used as input for driver ioctl handlers. This might cause an information leak. The impact is considered fairly low since drivers already need to check user input.

Recommendations: To resolve the issue, always clear the entire ioctl buffer before calling the conversion handler functions that are meant to initialize them. As a temporary workaround, consider restricting access to the vulnerable ioctl implementation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
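
The recommendation above, as an added example that is not part of the original advisory or the kernel's own code: a userspace C model in which a conversion handler leaves part of the native argument unwritten. All struct and function names are hypothetical, and the 0xAA fill is a constructed stand-in for stale stack contents.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical 32-bit (compat) and native layouts of one ioctl argument. */
struct compat_arg { uint32_t index; uint32_t length; };
struct native_arg { uint32_t index; uint32_t length; uint64_t reserved[2]; };

/* Conversion handler with the kind of mistake the description refers to:
 * it copies the fields present in the compat layout and forgets the rest. */
static void convert_in(struct native_arg *dst, const struct compat_arg *src)
{
    dst->index = src->index;
    dst->length = src->length;
    /* dst->reserved is never written */
}

/* Stand-in for a driver ioctl handler: counts the bytes of the argument
 * that hold data which did not come from the caller's request. */
static size_t stale_bytes(const struct native_arg *arg)
{
    const unsigned char *p = (const unsigned char *)arg->reserved;
    size_t n = 0;
    for (size_t i = 0; i < sizeof(arg->reserved); i++)
        n += (p[i] != 0);
    return n;
}

/* Dispatch path. clear_first selects the behaviour the recommendation asks
 * for. The 0xAA fill models stale stack data deterministically, because
 * reading truly uninitialized memory is undefined behaviour in C. */
size_t dispatch(const struct compat_arg *user, int clear_first)
{
    struct native_arg karg;
    memset(&karg, 0xAA, sizeof(karg));   /* constructed "stale stack" */
    if (clear_first)
        memset(&karg, 0, sizeof(karg));  /* clear the entire buffer */
    convert_in(&karg, user);
    return stale_bytes(&karg);
}

int main(void)
{
    struct compat_arg req = { 3, 64 };   /* constructed sample request */
    return (dispatch(&req, 0) == 16 && dispatch(&req, 1) == 0) ? 0 : 1;
}
```

Clearing before conversion makes the handler's input independent of whether every conversion function initializes every field.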

Weakness Enumeration

Use of Uninitialized Resource

Related Identifiers

BDU:2025-14565
CVE-2021-47339

Affected Products

Debian
Linux Kernel