CVE-2021-47159

UNKNOWN

Published 2024-03-25T09:16:13.815Z

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2021-47159. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

In the Linux kernel, the following vulnerability has been resolved:

net: dsa: fix a crash if ->get_sset_count() fails

If ds->ops->get_sset_count() fails then it "count" is a negative error
code such as -EOPNOTSUPP. Because "i" is an unsigned int, the negative
error code is type promoted to a very high value and the loop will
corrupt memory until the system crashes.

Fix this by checking for error codes and changing the type of "i" to
just int.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Linux

Affected Versions:

badf3ada60ab8f76f9488dc8f5c0c57f70682f5a badf3ada60ab8f76f9488dc8f5c0c57f70682f5a badf3ada60ab8f76f9488dc8f5c0c57f70682f5a badf3ada60ab8f76f9488dc8f5c0c57f70682f5a badf3ada60ab8f76f9488dc8f5c0c57f70682f5a

Linux

Affected Versions:

4.7 0 4.19.193 5.4.124 5.10.42 5.12.9 5.13

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed MODERATE

GHSA-5c7w-v73j-6cr4

Advisory Details

In the Linux kernel, the following vulnerability has been resolved: net: dsa: fix a crash if ->get_sset_count() fails If ds->ops->get_sset_count() fails then it "count" is a negative error code such as -EOPNOTSUPP. Because "i" is an unsigned int, the negative error code is type promoted to a very high value and the loop will corrupt memory until the system crashes. Fix this by checking for error codes and changing the type of "i" to just int.

CVSS Scoring

CVSS Score

5.0

CVSS Vector


                                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2021-47159

WEB https://git.kernel.org/stable/c/0f2cb08c57edefb0e7b5045e0e3e9980a3d3aa37

WEB https://git.kernel.org/stable/c/7b22466648a4f8e3e94f57ca428d1531866d1373

WEB https://git.kernel.org/stable/c/a269333fa5c0c8e53c92b5a28a6076a28cde3e83

WEB https://git.kernel.org/stable/c/caff86f85512b8e0d9830e8b8b0dfe13c68ce5b6

WEB https://git.kernel.org/stable/c/ce5355f140a7987011388c7e30c4f8fbe180d3e8

Advisory provided by GitHub Security Advisory Database. Published: March 25, 2024, Modified: March 13, 2025

References

https://git.kernel.org/stable/c/0f2cb08c57edefb0e7b5045e0e3e9980a3d3aa37

https://git.kernel.org/stable/c/ce5355f140a7987011388c7e30c4f8fbe180d3e8

https://git.kernel.org/stable/c/caff86f85512b8e0d9830e8b8b0dfe13c68ce5b6

https://git.kernel.org/stable/c/7b22466648a4f8e3e94f57ca428d1531866d1373

https://git.kernel.org/stable/c/a269333fa5c0c8e53c92b5a28a6076a28cde3e83

Published: 2024-03-25T09:16:13.815Z

Last Modified: 2025-05-04T07:05:17.593Z

Copied to clipboard!

CVE-2021-47159

Expert Analysis

Description

Available Exploits

Related News

Affected Products

Linux

Affected Versions:

Linux

Affected Versions:

GitHub Security Advisories

Advisory Details

CVSS Scoring

CVSS Score

CVSS Vector

References

References

Request Analysis

What to expect

Request Received!