CVE-2021-47478
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
In the Linux kernel, the following vulnerability has been resolved:
isofs: Fix out of bound access for corrupted isofs image
When isofs image is suitably corrupted isofs_read_inode() can read data beyond the end of buffer. Sanity-check the directory entry length before using it.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 156ce5bb6cc43a80a743810199defb1dc3f55b7f | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 9ec33a9b8790c212cc926a88c5e2105f97f3f57e | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < afbd40f425227e661d991757e11cc4db024e761f | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < b0ddff8d68f2e43857a84dce54c3deab181c8ae1 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 6e80e9314f8bb52d9eabe1907698718ff01120f5 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 86d4aedcbc69c0f84551fb70f953c24e396de2d7 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < b2fa1f52d22c5455217b294629346ad23a744945 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < e7fb722586a2936b37bdff096c095c30ca06404d | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < e96a1866b40570b5950cda8602c2819189c62a48 | affected |
| Linux | Linux | 2.6.12 | affected |
| Linux | Linux | 0 < 2.6.12 | unaffected |
| Linux | Linux | 4.4.292 <= 4.4.* | unaffected |
| Linux | Linux | 4.9.290 <= 4.9.* | unaffected |
| Linux | Linux | 4.14.255 <= 4.14.* | unaffected |
| Linux | Linux | 4.19.217 <= 4.19.* | unaffected |
| Linux | Linux | 5.4.159 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.79 <= 5.10.* | unaffected |
| Linux | Linux | 5.14.18 <= 5.14.* | unaffected |
| Linux | Linux | 5.15.2 <= 5.15.* | unaffected |
| Linux | Linux | 5.16 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/156ce5bb6cc43a80a743810199defb1dc3f55b7f
- https://git.kernel.org/stable/c/9ec33a9b8790c212cc926a88c5e2105f97f3f57e
- https://git.kernel.org/stable/c/afbd40f425227e661d991757e11cc4db024e761f
- https://git.kernel.org/stable/c/b0ddff8d68f2e43857a84dce54c3deab181c8ae1
- https://git.kernel.org/stable/c/6e80e9314f8bb52d9eabe1907698718ff01120f5
- https://git.kernel.org/stable/c/86d4aedcbc69c0f84551fb70f953c24e396de2d7
- https://git.kernel.org/stable/c/b2fa1f52d22c5455217b294629346ad23a744945
- https://git.kernel.org/stable/c/e7fb722586a2936b37bdff096c095c30ca06404d
- https://git.kernel.org/stable/c/e96a1866b40570b5950cda8602c2819189c62a48
References
- https://git.kernel.org/stable/c/156ce5bb6cc43a80a743810199defb1dc3f55b7f
- https://git.kernel.org/stable/c/9ec33a9b8790c212cc926a88c5e2105f97f3f57e
- https://git.kernel.org/stable/c/afbd40f425227e661d991757e11cc4db024e761f
- https://git.kernel.org/stable/c/b0ddff8d68f2e43857a84dce54c3deab181c8ae1
- https://git.kernel.org/stable/c/6e80e9314f8bb52d9eabe1907698718ff01120f5
- https://git.kernel.org/stable/c/86d4aedcbc69c0f84551fb70f953c24e396de2d7
- https://git.kernel.org/stable/c/b2fa1f52d22c5455217b294629346ad23a744945
- https://git.kernel.org/stable/c/e7fb722586a2936b37bdff096c095c30ca06404d
- https://git.kernel.org/stable/c/e96a1866b40570b5950cda8602c2819189c62a48
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.