CVE-2021-47401
Published: May 21, 2024
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: ipack: ipoctal: fix stack information leak The tty driver name is used also after registering the driver and must specifically not be allocated on the stack to avoid leaking information to user space (or triggering an oops). Drivers should not try to encode topology information in the tty device name but this one snuck in through staging without anyone noticing and another driver has since copied this malpractice. Fixing the ABI is a separate issue, but this at least plugs the security hole.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected ba4dc61fe8c545a5d6a68b63616776556b771f51 - < acb96e782bad427ca4bb1bd94af660acd1462380affected ba4dc61fe8c545a5d6a68b63616776556b771f51 - < 741ea2670e021350e54f491106bdaa22dc50e6a0affected ba4dc61fe8c545a5d6a68b63616776556b771f51 - < 2725925982dc96a78069cd118ea3d66759bfdad7affected ba4dc61fe8c545a5d6a68b63616776556b771f51 - < 829f13d6079cf7a2465522f39acb43033e9b320daffected ba4dc61fe8c545a5d6a68b63616776556b771f51 - < 8657158a3b68c85234e6da3d8eae33d6183588b7+3 more versions |
Linux | Linux | affected 3.5unaffected 0 - < 3.5unaffected 4.4.286 - <= 4.4.*unaffected 4.9.285 - <= 4.9.*unaffected 4.14.249 - <= 4.14.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now