PT-2024-8864 · Linux+3 · Linux Kernel+3

Mike Marciniszyn

Published

2024-05-24

Updated

2024-11-26

CVE-2021-47523

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The issue is related to a leak of the rcvhdrtail dummy kvaddr buffer in the IB/hfi1 component of the Linux kernel. This leak occurs when the reinit path overwrites the old allocation, causing it to be lost. The vulnerability allows an attacker to potentially gain access to confidential information. The fix involves moving the allocation of the buffer to hfi1 alloc devdata() and the deallocation to hfi1 free devdata().

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Information Disclosure

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-401

Related Identifiers

BDU:2024-10531

CVE-2021-47523

OPENSUSE-SU-2024_2185-1

OPENSUSE-SU-2024_2189-1

SUSE-SU-2024:1979-1

SUSE-SU-2024:1983-1

SUSE-SU-2024:2008-1

SUSE-SU-2024:2010-1

SUSE-SU-2024:2011-1

SUSE-SU-2024:2019-1

SUSE-SU-2024:2184-1

SUSE-SU-2024:2185-1

SUSE-SU-2024:2189-1

SUSE-SU-2024:2190-1

Affected Products

Astra Linux

Linux Kernel

Red Os

Suse

PT-2024-8864 · Linux+3 · Linux Kernel+3

CVE-2021-47523

Weakness Enumeration

Related Identifiers

Affected Products

References · 1504