7.8
CVE-2021-47137
- EPSS 0.23%
- Veröffentlicht 25.03.2024 09:15:08
- Zuletzt bearbeitet 19.03.2025 16:27:59
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
net: lantiq: fix memory corruption in RX ring
In the Linux kernel, the following vulnerability has been resolved: net: lantiq: fix memory corruption in RX ring In a situation where memory allocation or dma mapping fails, an invalid address is programmed into the descriptor. This can lead to memory corruption. If the memory allocation fails, DMA should reuse the previous skb and mapping and drop the packet. This patch also increments rx drop counter.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 4.20 < 5.4.124
Linux ≫ Linux Kernel Version >= 5.5 < 5.10.42
Linux ≫ Linux Kernel Version >= 5.11 < 5.12.9
Linux ≫ Linux Kernel Version5.13 Updaterc1
Linux ≫ Linux Kernel Version5.13 Updaterc2
Linux ≫ Linux Kernel Version5.13 Updaterc3
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.23% | 0.137 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-770 Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
https://git.kernel.org/stable/c/46dd4abced3cb2c912916f4a5353e0927db0c4a2
https://git.kernel.org/stable/c/5ac72351655f8b033a2935646f53b7465c903418
https://git.kernel.org/stable/c/8bb1077448d43a871ed667520763e3b9f9b7975d
https://git.kernel.org/stable/c/c7718ee96dbc2f9c5fc3b578abdf296dd44b9c20