SB2024060841 - Information disclosure in Linux kernel rxrpc
Published: June 8, 2024 Updated: May 13, 2025
Security Bulletin ID
SB2024060841
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Information disclosure (CVE-ID: CVE-2021-47538)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the rxrpc_create_peer(), rxrpc_lookup_peer(), __rxrpc_put_peer() and rxrpc_put_peer_locked() functions in net/rxrpc/peer_object.c. A local user can gain access to sensitive information.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/913c24af2d13a3fd304462916ee98e298d56bdce
- https://git.kernel.org/stable/c/3e70e3a72d80b16094faccbe438cd53761c3503a
- https://git.kernel.org/stable/c/60f0b9c42cb80833a03ca57c1c8b078d716e71d1
- https://git.kernel.org/stable/c/9469273e616ca8f1b6e3773c5019f21b4c8d828c
- https://git.kernel.org/stable/c/beacff50edbd6c9659a6f15fc7f6126909fade29
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.220
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.84
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.7
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.164