CVE-2021-47240

net: qrtr: fix OOB Read in qrtr_endpoint_post

Description

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: fix OOB Read in qrtr_endpoint_post Syzbot reported slab-out-of-bounds Read in qrtr_endpoint_post. The problem was in wrong _size_ type: if (len != ALIGN(size, 4) + hdrlen) goto err; If size from qrtr_hdr is 4294967293 (0xfffffffd), the result of ALIGN(size, 4) will be 0. In case of len == hdrlen and size == 4294967293 in header this check won't fail and skb_put_data(skb, data + hdrlen, size); will read out of bound from data, which is hdrlen allocated block.

Category

7.1
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.17%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/f8111c0d7ed42ede41a3d0d393b104de0730a8a6 patch
https://git.kernel.org/stable/c/26b8d10703a9be45d6097946b2b4011f7dd2c56f patch
https://git.kernel.org/stable/c/960b08dd36de1e341e3eb43d1c547513e338f4f8 patch
https://git.kernel.org/stable/c/19892ab9c9d838e2e5a7744d36e4bb8b7c3292fe patch
https://git.kernel.org/stable/c/ad9d24c9429e2159d1e279dc3a83191ccb4daf1d patch

Frequently Asked Questions

What is the severity of CVE-2021-47240?
CVE-2021-47240 has been scored as a high severity vulnerability.
How to fix CVE-2021-47240?
To fix CVE-2021-47240, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2021-47240 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2021-47240 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-47240?
CVE-2021-47240 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.