CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score
Confidence: High

EPSS
Percentile: 15.5%

In the Linux kernel, the following vulnerability has been resolved:

ethtool: strset: fix message length calculation

Outer nest for ETHTOOL_A_STRSET_STRINGSETS is not accounted for. This may
result in ETHTOOL_MSG_STRSET_GET producing a warning like:

    calculated message payload length (684) not sufficient
    WARNING: CPU: 0 PID: 30967 at net/ethtool/netlink.c:369 ethnl_default_doit+0x87a/0xa20

and a splat.

As usual with such warnings, three conditions must be met for the warning
to trigger:
 - there must be no skb size rounding up (e.g. reply_size of 684);

git.kernel.org/linus/e175aef902697826d344ce3a12189329848fe898 (5.13-rc7)
git.kernel.org/stable/c/cfc7f0e70d649e6d2233fba0d9390b525677d971
git.kernel.org/stable/c/e175aef902697826d344ce3a12189329848fe898
git.kernel.org/stable/c/fb3a948143688e14e2cfd2a2812877923d0e5e92
launchpad.net/bugs/cve/CVE-2021-47241
nvd.nist.gov/vuln/detail/CVE-2021-47241
security-tracker.debian.org/tracker/CVE-2021-47241
www.cve.org/CVERecord?id=CVE-2021-47241