Lucene search

K
ubuntucveUbuntu.comUB:CVE-2021-47276
HistoryMay 21, 2024 - 12:00 a.m.

CVE-2021-47276

2024-05-2100:00:00
ubuntu.com
ubuntu.com
11
linux kernel
vulnerability
resolved

AI Score

6.4

Confidence

Low

EPSS

0

Percentile

13.0%

In the Linux kernel, the following vulnerability has been resolved: ftrace:
Do not blindly read the ip address in ftrace_bug() It was reported that a
bug on arm64 caused a bad ip address to be used for updating into a nop in
ftrace_init(), but the error path (rightfully) returned -EINVAL and not
-EFAULT, as the bug caused more than one error to occur. But because
-EINVAL was returned, the ftrace_bug() tried to report what was at the
location of the ip address, and read it directly. This caused the machine
to panic, as the ip was not pointing to a valid memory address. Instead,
read the ip address with copy_from_kernel_nofault() to safely access the
memory, and if it faults, report that the address faulted, otherwise report
what was in that location.

AI Score

6.4

Confidence

Low

EPSS

0

Percentile

13.0%