Lucene search

Debian Security Bug TrackerDEBIANCVE:CVE-2021-47401

HistoryMay 21, 2024 - 3:15 p.m.

CVE-2021-47401

2024-05-2115:15:25

Debian Security Bug Tracker

security-tracker.debian.org

linux kernel

ipack

ipoctal

stack information leak

tty driver

user space

security hole

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

13.1%

JSON

In the Linux kernel, the following vulnerability has been resolved: ipack: ipoctal: fix stack information leak The tty driver name is used also after registering the driver and must specifically not be allocated on the stack to avoid leaking information to user space (or triggering an oops). Drivers should not try to encode topology information in the tty device name but this one snuck in through staging without anyone noticing and another driver has since copied this malpractice. Fixing the ABI is a separate issue, but this at least plugs the security hole.

OSVersionArchitecturePackageVersionFilename
Debian12alllinux< 5.14.12-1linux_5.14.12-1_all.deb
Debian11alllinux< 5.10.84-1linux_5.10.84-1_all.deb
Debian10alllinux< 4.19.232-1linux_4.19.232-1_all.deb
Debian999alllinux< 5.14.12-1linux_5.14.12-1_all.deb
Debian13alllinux< 5.14.12-1linux_5.14.12-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	linux	< 5.14.12-1	linux_5.14.12-1_all.deb
Debian	11	all	linux	< 5.10.84-1	linux_5.10.84-1_all.deb
Debian	10	all	linux	< 4.19.232-1	linux_4.19.232-1_all.deb
Debian	999	all	linux	< 5.14.12-1	linux_5.14.12-1_all.deb
Debian	13	all	linux	< 5.14.12-1	linux_5.14.12-1_all.deb