CVE-2021-47368 : In the Linux kernel, the following vulnerability has been resolved: enetc: Fix

In the Linux kernel, the following vulnerability has been resolved: enetc: Fix illegal access when reading affinity_hint irq_set_affinity_hit() stores a reference to the cpumask_t parameter in the irq descriptor, and that reference can be accessed later from irq_affinity_hint_proc_show(). Since the cpu_mask parameter passed to irq_set_affinity_hit() has only temporary storage (it's on the stack memory), later accesses to it are illegal. Thus reads from the corresponding procfs affinity_hint file can result in paging request oops. The issue is fixed by the get_cpu_mask() helper, which provides a permanent storage for the cpumask_t parameter.

Published 2024-05-21 15:15:23

Updated 2025-04-02 14:53:33

Source Linux

View at NVD, CVE.org

Products affected by CVE-2021-47368

Linux » Linux Kernel
Versions from including (>=) 5.11 and before (<) 5.14.9
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.1 and before (<) 5.4.150
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.5 and before (<) 5.10.70
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.15 Update RC1
cpe:2.3:o:linux:linux_kernel:5.15:rc1:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.15 Update RC2
cpe:2.3:o:linux:linux_kernel:5.15:rc2:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2021-47368

EPSS FAQ

0.31%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 52 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-47368

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
8.1	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H	2.8	5.2	134c704f-9b21-4f2e-91b3-4a467353bcc0	2024-07-03
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: High

CWE ids for CVE-2021-47368

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

References for CVE-2021-47368

https://git.kernel.org/stable/c/6f329d9da2a5ae032fcde800a99b118124ed5270

enetc: Fix illegal access when reading affinity_hint - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/4c4c3052911b577920353a7646e4883d5da40c28

enetc: Fix illegal access when reading affinity_hint - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/7237a494decfa17d0b9d0076e6cee3235719de90

enetc: Fix illegal access when reading affinity_hint - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/6c3f1b741c6c2914ea120e3a5790d3e900152f7b

enetc: Fix illegal access when reading affinity_hint - kernel/git/stable/linux.git - Linux kernel stable tree
Patch

Jump to

Vulnerability Details : CVE-2021-47368

Products affected by CVE-2021-47368

Exploit prediction scoring system (EPSS) score for CVE-2021-47368

CVSS scores for CVE-2021-47368

CWE ids for CVE-2021-47368

References for CVE-2021-47368