CVE-2021-47478

Summary

In the Linux kernel, the following vulnerability has been resolved:

isofs: Fix out of bound access for corrupted isofs image

When isofs image is suitably corrupted isofs_read_inode() can read data beyond the end of buffer. Sanity-check the directory entry length before using it.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 156ce5bb6cc43a80a743810199defb1dc3f55b7faffected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 9ec33a9b8790c212cc926a88c5e2105f97f3f57eaffected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < afbd40f425227e661d991757e11cc4db024e761faffected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < b0ddff8d68f2e43857a84dce54c3deab181c8ae1affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 6e80e9314f8bb52d9eabe1907698718ff01120f5affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 86d4aedcbc69c0f84551fb70f953c24e396de2d7affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < b2fa1f52d22c5455217b294629346ad23a744945affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < e7fb722586a2936b37bdff096c095c30ca06404daffected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < e96a1866b40570b5950cda8602c2819189c62a48affected
LinuxLinux2.6.12affected
LinuxLinux0 < 2.6.12unaffected
LinuxLinux4.4.292 <= 4.4.*unaffected
LinuxLinux4.9.290 <= 4.9.*unaffected
LinuxLinux4.14.255 <= 4.14.*unaffected
LinuxLinux4.19.217 <= 4.19.*unaffected
LinuxLinux5.4.159 <= 5.4.*unaffected
LinuxLinux5.10.79 <= 5.10.*unaffected
LinuxLinux5.14.18 <= 5.14.*unaffected
LinuxLinux5.15.2 <= 5.15.*unaffected
LinuxLinux5.16 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References