CVE-2021-47336

smackfs: restrict bytes count in smk_set_cipso()

Description

In the Linux kernel, the following vulnerability has been resolved: smackfs: restrict bytes count in smk_set_cipso() Oops, I failed to update subject line. From 07571157c91b98ce1a4aa70967531e64b78e8346 Mon Sep 17 00:00:00 2001 Date: Mon, 12 Apr 2021 22:25:06 +0900 Subject: [PATCH] smackfs: restrict bytes count in smk_set_cipso() Commit 7ef4c19d245f3dc2 ("smackfs: restrict bytes count in smackfs write functions") missed that count > SMK_CIPSOMAX check applies to only format == SMK_FIXED24_FMT case.

7.8
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.04%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/5f9880403e6b71d56924748ba331daf836243fca patch
https://git.kernel.org/stable/c/5c2dca9a7a7ff6a2df34158903515e2e4fd3d2b2 patch
https://git.kernel.org/stable/c/cbd87ba6a13891acf6180783f8234a8b7a3e3d4d patch
https://git.kernel.org/stable/c/135122f174c357b7a3e58f40fa5792156c5e93e6 patch
https://git.kernel.org/stable/c/3780348c1a0e14ffefcaf1fc521f815bcaac94b0 patch
https://git.kernel.org/stable/c/8f5c773a2871cf446e3f36b2834fb25bbb28512b patch
https://git.kernel.org/stable/c/258fd821f69378453c071b9dd767b298810fc766 patch
https://git.kernel.org/stable/c/49ec114a6e62d8d320037ce71c1aaf9650b3cafd patch

Frequently Asked Questions

What is the severity of CVE-2021-47336?
CVE-2021-47336 has been scored as a high severity vulnerability.
How to fix CVE-2021-47336?
To fix CVE-2021-47336, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2021-47336 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2021-47336 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-47336?
CVE-2021-47336 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.