CVE-2021-47297 - Vulnerability Details

- net: fix uninit-value in caif_seqpkt_sendmsg

Description

In the Linux kernel, the following vulnerability has been resolved:

net: fix uninit-value in caif_seqpkt_sendmsg

When nr_segs equal to zero in iovec_from_user, the object
msg->msg_iter.iov is uninit stack memory in caif_seqpkt_sendmsg
which is defined in ___sys_sendmsg. So we cann't just judge
msg->msg_iter.iov->base directlly. We can use nr_segs to judge
msg in caif_seqpkt_sendmsg whether has data buffers.

=====================================================
BUG: KMSAN: uninit-value in caif_seqpkt_sendmsg+0x693/0xf60 net/caif/caif_socket.c:542
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1c9/0x220 lib/dump_stack.c:118
kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:118
__msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:215
caif_seqpkt_sendmsg+0x693/0xf60 net/caif/caif_socket.c:542
sock_sendmsg_nosec net/socket.c:652 [inline]
sock_sendmsg net/socket.c:672 [inline]
____sys_sendmsg+0x12b6/0x1350 net/socket.c:2343
___sys_sendmsg net/socket.c:2397 [inline]
__sys_sendmmsg+0x808/0xc90 net/socket.c:2480
__compat_sys_sendmmsg net/compat.c:656 [inline]

Published: 2024-05-21

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`bece7b2398d073d11b2e352405a3ecd3a1e39c60`	affected	< d9d646acad2c3590e189bb5d5c86ab8bd8a2dfc3
`bece7b2398d073d11b2e352405a3ecd3a1e39c60`	affected	< 5c6d8e2f7187b8e45a18c27acb7a3885f03ee3db
`bece7b2398d073d11b2e352405a3ecd3a1e39c60`	affected	< ffe31dd70b70a40cd6b21b78c1713a23e021843a
`bece7b2398d073d11b2e352405a3ecd3a1e39c60`	affected	< 452c3ed7bf63721b07bc2238ed1261bb26027e85
`bece7b2398d073d11b2e352405a3ecd3a1e39c60`	affected	< 9413c0abb57f70a953b1116318d6aa478013c35d
`bece7b2398d073d11b2e352405a3ecd3a1e39c60`	affected	< 1582a02fecffcee306663035a295e28e1c4aaaff
`bece7b2398d073d11b2e352405a3ecd3a1e39c60`	affected	< d4c7797ab1517515f0d08b3bc1c6b48883889c54
`bece7b2398d073d11b2e352405a3ecd3a1e39c60`	affected	< 991e634360f2622a683b48dfe44fe6d9cb765a09

Linux

affected

Version	Status	Constraints
`2.6.35`	affected	—
`0`	unaffected	< 2.6.35
`4.4.277`	unaffected	≤ 4.4.*
`4.9.277`	unaffected	≤ 4.9.*
`4.14.241`	unaffected	≤ 4.14.*
`4.19.199`	unaffected	≤ 4.19.*
`5.4.136`	unaffected	≤ 5.4.*
`5.10.54`	unaffected	≤ 5.10.*
`5.13.6`	unaffected	≤ 5.13.*
`5.14`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:5.14:rc1::::::
	cpe:2.3:o:linux:linux_kernel:5.14:rc2::::::

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00014.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://git.kernel.org/stable/c/1582a02fecffcee306663035a295e28e1c4aaaff
https://git.kernel.org/stable/c/452c3ed7bf63721b07bc2238ed1261bb26027e85
https://git.kernel.org/stable/c/5c6d8e2f7187b8e45a18c27acb7a3885f03ee3db
https://git.kernel.org/stable/c/9413c0abb57f70a953b1116318d6aa478013c35d
https://git.kernel.org/stable/c/991e634360f2622a683b48dfe44fe6d9cb765a09
https://git.kernel.org/stable/c/d4c7797ab1517515f0d08b3bc1c6b48883889c54
https://git.kernel.org/stable/c/d9d646acad2c3590e189bb5d5c86ab8bd8a2dfc3
https://git.kernel.org/stable/c/ffe31dd70b70a40cd6b21b78c1713a23e021843a
https://lore.kernel.org/linux-cve-announce/2024052124-CVE-2021-47297-55b5@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2021-47297
https://www.cve.org/CVERecord?id=CVE-2021-47297

History

Wed, 02 Apr 2025 15:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Weaknesses		CWE-908
CPEs		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:5.14:rc1:::::: cpe:2.3:o:linux:linux_kernel:5.14:rc2::::::
Vendors & Products		Linux Linux linux Kernel

Wed, 06 Nov 2024 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-21T14:35:19.982Z

Updated: 2026-05-11T13:51:45.933Z

Reserved: 2024-05-21T13:27:52.132Z

Link: CVE-2021-47297

Vulnrichment

Updated: 2024-08-04T05:32:08.483Z

NVD

Status : Analyzed

Published: 2024-05-21T15:15:17.553

Modified: 2025-04-02T14:42:58.820

Link: CVE-2021-47297

Redhat

Severity : Low

Publid Date: 2024-05-21T00:00:00Z

Links: CVE-2021-47297 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object