5.5
CVE-2021-47276
- EPSS 0.24%
- Veröffentlicht 21.05.2024 15:15:15
- Zuletzt bearbeitet 30.04.2025 14:46:07
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
ftrace: Do not blindly read the ip address in ftrace_bug()
In the Linux kernel, the following vulnerability has been resolved: ftrace: Do not blindly read the ip address in ftrace_bug() It was reported that a bug on arm64 caused a bad ip address to be used for updating into a nop in ftrace_init(), but the error path (rightfully) returned -EINVAL and not -EFAULT, as the bug caused more than one error to occur. But because -EINVAL was returned, the ftrace_bug() tried to report what was at the location of the ip address, and read it directly. This caused the machine to panic, as the ip was not pointing to a valid memory address. Instead, read the ip address with copy_from_kernel_nofault() to safely access the memory, and if it faults, report that the address faulted, otherwise report what was in that location.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 2.6.28 < 4.4.273
Linux ≫ Linux Kernel Version >= 4.5 < 4.9.273
Linux ≫ Linux Kernel Version >= 4.10 < 4.14.237
Linux ≫ Linux Kernel Version >= 4.15 < 4.19.195
Linux ≫ Linux Kernel Version >= 4.20 < 5.4.126
Linux ≫ Linux Kernel Version >= 5.5 < 5.10.44
Linux ≫ Linux Kernel Version >= 5.11 < 5.12.11
Linux ≫ Linux Kernel Version5.13 Updaterc1
Linux ≫ Linux Kernel Version5.13 Updaterc2
Linux ≫ Linux Kernel Version5.13 Updaterc3
Linux ≫ Linux Kernel Version5.13 Updaterc4
Linux ≫ Linux Kernel Version5.13 Updaterc5
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.24% | 0.143 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-706 Use of Incorrectly-Resolved Name or Reference
The product uses a name or reference to access a resource, but the name/reference resolves to a resource that is outside of the intended control sphere.
https://git.kernel.org/stable/c/0bc62e398bbd9e600959e610def5109957437b28
https://git.kernel.org/stable/c/3e4ddeb68751fb4fb657199aed9cfd5d02796875
https://git.kernel.org/stable/c/4aedc2bc2b32c93555f47c95610efb89cc1ec09b
https://git.kernel.org/stable/c/6c14133d2d3f768e0a35128faac8aa6ed4815051
https://git.kernel.org/stable/c/7e4e824b109f1d41ccf223fbb0565d877d6223a2
https://git.kernel.org/stable/c/862dcc14f2803c556bdd73b43c27b023fafce2fb
https://git.kernel.org/stable/c/97524384762c1fb9b3ded931498dd2047bd0de81
https://git.kernel.org/stable/c/acf671ba79c1feccc3ec7cfdcffead4efcec49e7