CVE-2021-47137

Summary

In the Linux kernel, the following vulnerability has been resolved:

net: lantiq: fix memory corruption in RX ring

In a situation where memory allocation or dma mapping fails, an invalid address is programmed into the descriptor. This can lead to memory corruption. If the memory allocation fails, DMA should reuse the previous skb and mapping and drop the packet. This patch also increments rx drop counter.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxfe1a56420cf2ec28c8eceef672b87de0bbe1a260 < 8bb1077448d43a871ed667520763e3b9f9b7975daffected
LinuxLinuxfe1a56420cf2ec28c8eceef672b87de0bbe1a260 < 5ac72351655f8b033a2935646f53b7465c903418affected
LinuxLinuxfe1a56420cf2ec28c8eceef672b87de0bbe1a260 < 46dd4abced3cb2c912916f4a5353e0927db0c4a2affected
LinuxLinuxfe1a56420cf2ec28c8eceef672b87de0bbe1a260 < c7718ee96dbc2f9c5fc3b578abdf296dd44b9c20affected
LinuxLinux4.20affected
LinuxLinux0 < 4.20unaffected
LinuxLinux5.4.124 <= 5.4.*unaffected
LinuxLinux5.10.42 <= 5.10.*unaffected
LinuxLinux5.12.9 <= 5.12.*unaffected
LinuxLinux5.13 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References