CVE-2021-47159 : In the Linux kernel, the following vulnerability has been resolved: net: dsa: f

In the Linux kernel, the following vulnerability has been resolved: net: dsa: fix a crash if ->get_sset_count() fails If ds->ops->get_sset_count() fails then it "count" is a negative error code such as -EOPNOTSUPP. Because "i" is an unsigned int, the negative error code is type promoted to a very high value and the loop will corrupt memory until the system crashes. Fix this by checking for error codes and changing the type of "i" to just int.

Published 2024-03-25 09:16:14

Updated 2025-03-13 21:24:10

Source Linux

View at NVD, CVE.org

Products affected by CVE-2021-47159

Linux » Linux Kernel
Versions from including (>=) 4.20 and before (<) 5.4.124
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.11 and before (<) 5.12.9
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.5 and before (<) 5.10.42
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.7 and before (<) 4.19.193
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.13 Update RC1
cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.13 Update RC2
cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.13 Update RC3
cpe:2.3:o:linux:linux_kernel:5.13:rc3:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2021-47159

EPSS FAQ

0.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 12 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-47159

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	1.8	3.6	NIST	2025-03-13
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	N/A	N/A	RedHat-CVE-2021-47159	2024-03-25
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2021-47159

CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2021-47159

https://git.kernel.org/stable/c/caff86f85512b8e0d9830e8b8b0dfe13c68ce5b6

net: dsa: fix a crash if ->get_sset_count() fails - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/0f2cb08c57edefb0e7b5045e0e3e9980a3d3aa37

net: dsa: fix a crash if ->get_sset_count() fails - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/ce5355f140a7987011388c7e30c4f8fbe180d3e8

net: dsa: fix a crash if ->get_sset_count() fails - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/7b22466648a4f8e3e94f57ca428d1531866d1373

net: dsa: fix a crash if ->get_sset_count() fails - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/a269333fa5c0c8e53c92b5a28a6076a28cde3e83

net: dsa: fix a crash if ->get_sset_count() fails - kernel/git/stable/linux.git - Linux kernel stable tree
Patch

Jump to

Vulnerability Details : CVE-2021-47159

Products affected by CVE-2021-47159

Exploit prediction scoring system (EPSS) score for CVE-2021-47159

CVSS scores for CVE-2021-47159

CWE ids for CVE-2021-47159

References for CVE-2021-47159