CVE-2021-47548

ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port()

Description

In the Linux kernel, the following vulnerability has been resolved: ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() The if statement: if (port >= DSAF_GE_NUM) return; limits the value of port less than DSAF_GE_NUM (i.e., 8). However, if the value of port is 6 or 7, an array overflow could occur: port_rst_off = dsaf_dev->mac_cb[port]->port_rst_off; because the length of dsaf_dev->mac_cb is DSAF_MAX_PORT_NUM (i.e., 6). To fix this possible array overflow, we first check port and if it is greater than or equal to DSAF_MAX_PORT_NUM, the function returns.

Category

9.8
CVSS
Severity: Critical
CVSS 3.1 •
EPSS 0.42%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/948968f8747650447c8f21c9fdba0e1973be040b patch
https://git.kernel.org/stable/c/abbd5faa0748d0aa95d5191d56ff7a17a6275bd1 patch
https://git.kernel.org/stable/c/dd07f8971b81ad98cc754b179b331b57f35aa1ff patch
https://git.kernel.org/stable/c/99bb25cb6753beaf2c2bc37927c2ecc0ceff3f6d patch
https://git.kernel.org/stable/c/22519eff7df2d88adcc2568d86046ce1e2b52803 patch
https://git.kernel.org/stable/c/fc7ffa7f10b9454a86369405d9814bf141b30627 patch
https://git.kernel.org/stable/c/a66998e0fbf213d47d02813b9679426129d0d114 patch

Frequently Asked Questions

What is the severity of CVE-2021-47548?
CVE-2021-47548 has been scored as a critical severity vulnerability.
How to fix CVE-2021-47548?
To fix CVE-2021-47548, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2021-47548 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2021-47548 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-47548?
CVE-2021-47548 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.