CVE-2021-43975 — Out-of-bounds Write in Linux
Severity
6.7MEDIUMNVD
OSV7.8OSV7.0OSV6.5OSV4.7
EPSS
0.0%
top 95.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedNov 17
Latest updateFeb 14
Description
In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9
Affected Packages7 packages
Also affects: Debian Linux 10.0, 9.0, Fedora 34, 35
Patches
🔴Vulnerability Details
9OSV▶
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, inux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-snapdragon vulnerabilities↗2022-04-21
OSV▶
linux, linux-aws, linux-aws-5.13, linux-gcp, linux-gcp-5.13, linux-hwe-5.13, linux-kvm, linux-oracle, linux-raspi vulnerabilities↗2022-03-22
OSV▶
linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-azure-fde, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4 linux-oracle, ↗2022-02-22
📋Vendor Advisories
11💬Community
1Bugzilla▶
CVE-2021-43975 kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait() in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c↗2021-11-19