7.5

CVE-2021-47241

EPSS 0.05%
Veröffentlicht 21.05.2024 15:15:13
Zuletzt bearbeitet 04.04.2025 14:30:41
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

ethtool: strset: fix message length calculation

Outer nest for ETHTOOL_A_STRSET_STRINGSETS is not accounted for.
This may result in ETHTOOL_MSG_STRSET_GET producing a warning like:

    calculated message payload length (684) not sufficient
    WARNING: CPU: 0 PID: 30967 at net/ethtool/netlink.c:369 ethnl_default_doit+0x87a/0xa20

and a splat.

As usually with such warnings three conditions must be met for the warning
to trigger:
 - there must be no skb size rounding up (e.g. reply_size of 684);
 - string set must be per-device (so that the header gets populated);
 - the device name must be at least 12 characters long.

all in all with current user space it looks like reading priv flags
is the only place this could potentially happen. Or with syzbot :)

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.6 < 5.10.46

Linux ≫ Linux Kernel Version >= 5.11 < 5.12.13

Linux ≫ Linux Kernel Version5.13 Updaterc1

Linux ≫ Linux Kernel Version5.13 Updaterc2

Linux ≫ Linux Kernel Version5.13 Updaterc3

Linux ≫ Linux Kernel Version5.13 Updaterc4

Linux ≫ Linux Kernel Version5.13 Updaterc5

Linux ≫ Linux Kernel Version5.13 Updaterc6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.142

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-266 Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

https://git.kernel.org/stable/c/cfc7f0e70d649e6d2233fba0d9390b525677d971

Patch

https://git.kernel.org/stable/c/e175aef902697826d344ce3a12189329848fe898

Patch

https://git.kernel.org/stable/c/fb3a948143688e14e2cfd2a2812877923d0e5e92

Patch

https://nvd.nist.gov/vuln/detail/CVE-2021-47241

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-47241

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-47241

EUVD