CVE-2021-47137

net: lantiq: fix memory corruption in RX ring

Description

In the Linux kernel, the following vulnerability has been resolved: net: lantiq: fix memory corruption in RX ring In a situation where memory allocation or dma mapping fails, an invalid address is programmed into the descriptor. This can lead to memory corruption. If the memory allocation fails, DMA should reuse the previous skb and mapping and drop the packet. This patch also increments rx drop counter.

Category

7.8
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.01%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/8bb1077448d43a871ed667520763e3b9f9b7975d patch
https://git.kernel.org/stable/c/5ac72351655f8b033a2935646f53b7465c903418 patch
https://git.kernel.org/stable/c/46dd4abced3cb2c912916f4a5353e0927db0c4a2 patch
https://git.kernel.org/stable/c/c7718ee96dbc2f9c5fc3b578abdf296dd44b9c20 patch

Frequently Asked Questions

What is the severity of CVE-2021-47137?
CVE-2021-47137 has been scored as a high severity vulnerability.
How to fix CVE-2021-47137?
To fix CVE-2021-47137, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2021-47137 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2021-47137 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-47137?
CVE-2021-47137 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.