CVE-2021-47137

high

Description

In the Linux kernel, the following vulnerability has been resolved: net: lantiq: fix memory corruption in RX ring In a situation where memory allocation or dma mapping fails, an invalid address is programmed into the descriptor. This can lead to memory corruption. If the memory allocation fails, DMA should reuse the previous skb and mapping and drop the packet. This patch also increments rx drop counter.

References

https://git.kernel.org/stable/c/c7718ee96dbc2f9c5fc3b578abdf296dd44b9c20

https://git.kernel.org/stable/c/8bb1077448d43a871ed667520763e3b9f9b7975d

https://git.kernel.org/stable/c/5ac72351655f8b033a2935646f53b7465c903418

https://git.kernel.org/stable/c/46dd4abced3cb2c912916f4a5353e0927db0c4a2

Details

Source: Mitre, NVD

Published: 2024-03-25

Updated: 2024-11-05

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High