CVE-2021-47368

enetc: Fix illegal access when reading affinity_hint

Description

In the Linux kernel, the following vulnerability has been resolved: enetc: Fix illegal access when reading affinity_hint irq_set_affinity_hit() stores a reference to the cpumask_t parameter in the irq descriptor, and that reference can be accessed later from irq_affinity_hint_proc_show(). Since the cpu_mask parameter passed to irq_set_affinity_hit() has only temporary storage (it's on the stack memory), later accesses to it are illegal. Thus reads from the corresponding procfs affinity_hint file can result in paging request oops. The issue is fixed by the get_cpu_mask() helper, which provides a permanent storage for the cpumask_t parameter.

Category

8.1
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.31%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/4c4c3052911b577920353a7646e4883d5da40c28 patch
https://git.kernel.org/stable/c/6c3f1b741c6c2914ea120e3a5790d3e900152f7b patch
https://git.kernel.org/stable/c/6f329d9da2a5ae032fcde800a99b118124ed5270 patch
https://git.kernel.org/stable/c/7237a494decfa17d0b9d0076e6cee3235719de90 patch

Frequently Asked Questions

What is the severity of CVE-2021-47368?
CVE-2021-47368 has been scored as a high severity vulnerability.
How to fix CVE-2021-47368?
To fix CVE-2021-47368, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2021-47368 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2021-47368 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-47368?
CVE-2021-47368 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.