Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2021-47159HistoryMar 25, 2024 - 10:15 a.m.
CVE-2021-47159
2024-03-2510:15:08
Debian Security Bug Tracker
security-tracker.debian.org
11
linux kernel
net dsa
get_sset_count failure
memory corruption
system crash
type promotion
error code.
In the Linux kernel, the following vulnerability has been resolved: net: dsa: fix a crash if ->get_sset_count() fails If ds->ops->get_sset_count() fails then it “count” is a negative error code such as -EOPNOTSUPP. Because “i” is an unsigned int, the negative error code is type promoted to a very high value and the loop will corrupt memory until the system crashes. Fix this by checking for error codes and changing the type of “i” to just int.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | linux | < 5.14.6-1 | linux_5.14.6-1_all.deb |
| Debian | 11 | all | linux | < 5.10.46-1 | linux_5.10.46-1_all.deb |
| Debian | 999 | all | linux | < 5.14.6-1 | linux_5.14.6-1_all.deb |
| Debian | 13 | all | linux | < 5.14.6-1 | linux_5.14.6-1_all.deb |
Related
vulnrichment
vulnrichment
CVE-2021-47159 net: dsa: fix a crash if ->get_sset_count() fails
2024-03-25 09:16:13
cvelist
cvelist
CVE-2021-47159 net: dsa: fix a crash if ->get_sset_count() fails
2024-03-25 09:16:13
ubuntucve
ubuntucve
CVE-2021-47159
2024-03-25 00:00:00
nvd
nvd
CVE-2021-47159
2024-03-25 10:15:08
redhatcve
redhatcve
CVE-2021-47159
2024-03-25 17:53:35
cve
cve
CVE-2021-47159
2024-03-25 10:15:08
nessus
nessus
Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-004)
2022-05-02 00:00:00
Amazon Linux 2 : kernel (ALASKERNEL-5.10-2022-002)
2022-05-02 00:00:00
SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:1648-1)
2024-05-15 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:1643-1)
2024-05-15 00:00:00