CVE-2021-47368

Advisory lineage Upstream: 0 Downstream: 10
Analyzed
Published: 21 May 2024, 15:03
Last modified:11 May 2026, 13:53

Vulnerability Summary

Overall Risk (default)
medium
32/100
CVSS Score
8.1 HIGH
v3.1 (cve.org)
EPSS Score
0.05% LOW
0% probability +0.02%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

21 May 2024, 15:03
Published
Vulnerability first disclosed
11 May 2026, 13:53
Last Modified
Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: enetc: Fix illegal access when reading affinity_hint irq_set_affinity_hit() stores a reference to the cpumask_t parameter in the irq descriptor, and that reference can be accessed later from irq_affinity_hint_proc_show(). Since the cpu_mask parameter passed to irq_set_affinity_hit() has only temporary storage (it's on the stack memory), later accesses to it are illegal. Thus reads from the corresponding procfs affinity_hint file can result in paging request oops. The issue is fixed by the get_cpu_mask() helper, which provides a permanent storage for the cpumask_t parameter.

CVSS Metrics

  • v3.1HIGHScore: 8.1CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

EPSS Trends

Current EPSS score: 0.05% Percentile: 15%

Techniques & Countermeasures

  • CWE-400Uncontrolled Resource Consumption

    The product does not properly control the allocation and maintenance of a limited resource.

Affected Systems

  • linuxlinux

    ≥ d4fd0404c1c95b17880f254ebfee3485693fa8ba, < 4c4c3052911b577920353a7646e4883d5da40c28 | ≥ d4fd0404c1c95b17880f254ebfee3485693fa8ba, < 6c3f1b741c6c2914ea120e3a5790d3e900152f7b | ≥ d4fd0404c1c95b17880f254ebfee3485693fa8ba, < 6f329d9da2a5ae032fcde800a99b118124ed5270 | ≥ d4fd0404c1c95b17880f254ebfee3485693fa8ba, < 7237a494decfa17d0b9d0076e6cee3235719de90 | 5.1

  • linuxlinux_kernel

    ≥ 5.1, < 5.4.150 | ≥ 5.5, < 5.10.70 | ≥ 5.11, < 5.14.9 | 5.15:rc1 | 5.15:rc2

References (4)