U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. Vulnerabilities

CVE-2021-47401 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: ipack: ipoctal: fix stack information leak The tty driver name is used also after registering the driver and must specifically not be allocated on the stack to avoid leaking information to user space (or triggering an oops). Drivers should not try to encode topology information in the tty device name but this one snuck in through staging without anyone noticing and another driver has since copied this malpractice. Fixing the ABI is a separate issue, but this at least plugs the security hole.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL Source(s) Tag(s)
https://git.kernel.org/stable/c/0a9c36a2e06a249acbed64e8e0b84637c2ad7575 CVE, kernel.org Patch 
https://git.kernel.org/stable/c/2725925982dc96a78069cd118ea3d66759bfdad7 CVE, kernel.org Patch 
https://git.kernel.org/stable/c/5f6a309a699675680df15d9b6d389114515b4426 CVE, kernel.org Patch 
https://git.kernel.org/stable/c/741ea2670e021350e54f491106bdaa22dc50e6a0 CVE, kernel.org Patch 
https://git.kernel.org/stable/c/829f13d6079cf7a2465522f39acb43033e9b320d CVE, kernel.org Patch 
https://git.kernel.org/stable/c/8657158a3b68c85234e6da3d8eae33d6183588b7 CVE, kernel.org Patch 
https://git.kernel.org/stable/c/a89936cce87d60766a75732a9e7e25c51164f47c CVE, kernel.org Patch 
https://git.kernel.org/stable/c/acb96e782bad427ca4bb1bd94af660acd1462380 CVE, kernel.org Patch 

Weakness Enumeration

CWE-ID CWE Name Source
CWE-668 Exposure of Resource to Wrong Sphere cwe source acceptance level NIST  

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

5 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2021-47401
NVD Published Date:
05/21/2024
NVD Last Modified:
09/26/2025
Source:
kernel.org