U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

CVE-2021-47401 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: ipack: ipoctal: fix stack information leak The tty driver name is used also after registering the driver and must specifically not be allocated on the stack to avoid leaking information to user space (or triggering an oops). Drivers should not try to encode topology information in the tty device name but this one snuck in through staging without anyone noticing and another driver has since copied this malpractice. Fixing the ABI is a separate issue, but this at least plugs the security hole.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
https://git.kernel.org/stable/c/0a9c36a2e06a249acbed64e8e0b84637c2ad7575
https://git.kernel.org/stable/c/0a9c36a2e06a249acbed64e8e0b84637c2ad7575
https://git.kernel.org/stable/c/2725925982dc96a78069cd118ea3d66759bfdad7
https://git.kernel.org/stable/c/2725925982dc96a78069cd118ea3d66759bfdad7
https://git.kernel.org/stable/c/5f6a309a699675680df15d9b6d389114515b4426
https://git.kernel.org/stable/c/5f6a309a699675680df15d9b6d389114515b4426
https://git.kernel.org/stable/c/741ea2670e021350e54f491106bdaa22dc50e6a0
https://git.kernel.org/stable/c/741ea2670e021350e54f491106bdaa22dc50e6a0
https://git.kernel.org/stable/c/829f13d6079cf7a2465522f39acb43033e9b320d
https://git.kernel.org/stable/c/829f13d6079cf7a2465522f39acb43033e9b320d
https://git.kernel.org/stable/c/8657158a3b68c85234e6da3d8eae33d6183588b7
https://git.kernel.org/stable/c/8657158a3b68c85234e6da3d8eae33d6183588b7
https://git.kernel.org/stable/c/a89936cce87d60766a75732a9e7e25c51164f47c
https://git.kernel.org/stable/c/a89936cce87d60766a75732a9e7e25c51164f47c
https://git.kernel.org/stable/c/acb96e782bad427ca4bb1bd94af660acd1462380
https://git.kernel.org/stable/c/acb96e782bad427ca4bb1bd94af660acd1462380

Weakness Enumeration

CWE-ID CWE Name Source

Change History

3 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2021-47401
NVD Published Date:
05/21/2024
NVD Last Modified:
11/21/2024
Source:
kernel.org