CVE-2021-47547

net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound

Description

In the Linux kernel, the following vulnerability has been resolved: net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound In line 5001, if all id in the array 'lp->phy[8]' is not 0, when the 'for' end, the 'k' is 8. At this time, the array 'lp->phy[8]' may be out of bound.

Category

4.4
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.04%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/ec5bd0aef1cec96830d0c7e06d3597d9e786cc98 patch
https://git.kernel.org/stable/c/142ead3dc70411bd5977e8c47a6d8bf22287b3f8 patch
https://git.kernel.org/stable/c/d3dedaa5a601107cfedda087209772c76e364d58 patch
https://git.kernel.org/stable/c/2c1a6a9a011d622a7c61324a97a49801ba425eff patch
https://git.kernel.org/stable/c/77ff166909458646e66450e42909e0adacc99049 patch
https://git.kernel.org/stable/c/f059fa40f0fcc6bc7a12e0f2a2504e9a4ff74f1f patch
https://git.kernel.org/stable/c/12f907cb11576b8cd0b1d95a16d1f10ed5bb7237 patch
https://git.kernel.org/stable/c/61217be886b5f7402843677e4be7e7e83de9cb41 patch

Frequently Asked Questions

What is the severity of CVE-2021-47547?
CVE-2021-47547 has been scored as a medium severity vulnerability.
How to fix CVE-2021-47547?
To fix CVE-2021-47547, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2021-47547 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2021-47547 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-47547?
CVE-2021-47547 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.