Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-47609

Опубликовано: 19 июн. 2024
Источник: nvd
CVSS3: 7.8
EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved:

firmware: arm_scpi: Fix string overflow in SCPI genpd driver

Without the bound checks for scpi_pd->name, it could result in the buffer overflow when copying the SCPI device name from the corresponding device tree node as the name string is set at maximum size of 30.

Let us fix it by using devm_kasprintf so that the string buffer is allocated dynamically.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 4.8 (включая) до 4.9.294 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 4.10 (включая) до 4.14.259 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 4.15 (включая) до 4.19.222 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 4.20 (включая) до 5.4.168 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 5.5 (включая) до 5.10.88 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 5.11 (включая) до 5.15.11 (исключая)
cpe:2.3:o:linux:linux_kernel:5.16:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.16:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.16:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.16:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.16:rc5:*:*:*:*:*:*

EPSS

Процентиль: 21%
0.00066
Низкий

7.8 High

CVSS3

Дефекты

CWE-120

Связанные уязвимости

ubuntu логотип

CVE-2021-47609

CVSS3: 7.8
ubuntu
около 1 года назад

In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Fix string overflow in SCPI genpd driver Without the bound checks for scpi_pd->name, it could result in the buffer overflow when copying the SCPI device name from the corresponding device tree node as the name string is set at maximum size of 30. Let us fix it by using devm_kasprintf so that the string buffer is allocated dynamically.

redhat логотип

CVE-2021-47609

CVSS3: 6.7
redhat
около 1 года назад

In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Fix string overflow in SCPI genpd driver Without the bound checks for scpi_pd->name, it could result in the buffer overflow when copying the SCPI device name from the corresponding device tree node as the name string is set at maximum size of 30. Let us fix it by using devm_kasprintf so that the string buffer is allocated dynamically.

debian логотип

CVE-2021-47609

CVSS3: 7.8
debian
около 1 года назад

In the Linux kernel, the following vulnerability has been resolved: f ...

github логотип

GHSA-75vg-83r4-pmmq

CVSS3: 7.8
github
около 1 года назад

In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Fix string overflow in SCPI genpd driver Without the bound checks for scpi_pd->name, it could result in the buffer overflow when copying the SCPI device name from the corresponding device tree node as the name string is set at maximum size of 30. Let us fix it by using devm_kasprintf so that the string buffer is allocated dynamically.

fstec логотип

BDU:2024-11564

CVSS3: 7.8
fstec
больше 3 лет назад

Уязвимость компонента arm_scpi ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 21%
0.00066
Низкий

7.8 High

CVSS3

Дефекты

CWE-120
Уязвимость CVE-2021-47609