Bug 2283401 (CVE-2021-47548)
| Summary: | CVE-2021-47548 kernel: ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | ybuenos |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | acaringi, allarkin, aquini, bhu, chwhite, cye, cyin, dbohanno, debarbos, dfreiber, drow, dvlasenk, esandeen, ezulian, hkrzesin, jarod, jburrell, jdenham, jfaracco, jlelli, joe.lawrence, jshortt, jstancek, jwyatt, kcarcia, ldoskova, lgoncalv, lzampier, mleitner, mmilgram, mstowell, nmurray, ptalbert, rparrazo, rrobaina, rvrbovsk, rysulliv, scweaver, sidakwo, sukulkar, tglozar, trathi, tyberry, vkumar, wcosta, williams, wmealing, ycote, ykopkova, zhijwang |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | kernel 4.9.292, kernel 4.14.257, kernel 4.19.220, kernel 5.4.164, kernel 5.10.84, kernel 5.15.7, kernel 5.16 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A vulnerability was found in the Linux kernel's Hisilicon Ethernet driver, in the hns_dsaf_ge_srst_by_port() function, which allows for a possible array overflow, which occurs when an input value exceeds the expected range, leading to potential memory corruption.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 2283495 | ||
|
Description
ybuenos
2024-05-27 09:53:55 UTC
The result of automatic check (that is developed by Alexander Larkin) for this CVE-2021-47548 is: CHECK Maybe valid. Check manually. with impact MODERATE (that is an approximation based on flags REMOTE SIMPLEFIX NETWORK IMPROVEONLY ; these flags parsed automatically based on patch data). Such automatic check happens only for Low/Moderates (and only when not from reporter, but parsing already existing CVE). Highs always checked manually (I check it myself and then we check it again in Remediation team). In rare cases some of the Moderates could be increased to High later. This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2024:4533 https://access.redhat.com/errata/RHSA-2024:4533 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2024:4554 https://access.redhat.com/errata/RHSA-2024:4554 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:4583 https://access.redhat.com/errata/RHSA-2024:4583 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2024:4740 https://access.redhat.com/errata/RHSA-2024:4740 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat Enterprise Linux 8.6 Telecommunications Update Service Via RHSA-2024:4902 https://access.redhat.com/errata/RHSA-2024:4902 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:5102 https://access.redhat.com/errata/RHSA-2024:5102 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:5101 https://access.redhat.com/errata/RHSA-2024:5101 |