CVE-2021-47137

net: lantiq: fix memory corruption in RX ring

CVSS 7.8 HIGHEPSS 0.2%CWE-770

In the Linux kernel, the following vulnerability has been resolved: net: lantiq: fix memory corruption in RX ring In a situation where memory allocation or dma mapping fails, an invalid address is programmed into the descriptor. This can lead to memory corruption. If the memory allocation fails, DMA should reuse the previous skb and mapping and drop the packet. This patch also increments rx drop counter.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Produtos afetados

Linux · Linux

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://git.kernel.org/stable/c/46dd4abced3cb2c912916f4a5353e0927db0c4a2 https://git.kernel.org/stable/c/5ac72351655f8b033a2935646f53b7465c903418 https://git.kernel.org/stable/c/8bb1077448d43a871ed667520763e3b9f9b7975d https://git.kernel.org/stable/c/c7718ee96dbc2f9c5fc3b578abdf296dd44b9c20