CVE-2021-47374

In the Linux kernel, the following vulnerability has been resolved: dma-debug: prevent an error message from causing runtime problems For some drivers, that use the DMA API. This error message can be reached several millions of times per second, causing spam to the kernel's printk buffer and bringing the CPU usage up to 100% (so, it should be rate limited). However, since there is at least one driver that is in the mainline and suffers from the error condition, it is more useful to err_printk() here instead of just rate limiting the error message (in hopes that it will make it easier for other drivers that suffer from this issue to be spotted).

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/510e1a724ab1bf38150be2c1acabb303f98d0047	Patch
https://git.kernel.org/stable/c/de4afec2d2946c92c62a15ab341c70b287289e6a	Patch
https://git.kernel.org/stable/c/510e1a724ab1bf38150be2c1acabb303f98d0047	Patch
https://git.kernel.org/stable/c/de4afec2d2946c92c62a15ab341c70b287289e6a	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:5.15:rc1::::::

History

12 May 2025, 19:52

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CWE		CWE-770
First Time		Linux Linux linux Kernel
References	~~() https://git.kernel.org/stable/c/510e1a724ab1bf38150be2c1acabb303f98d0047 -~~	() https://git.kernel.org/stable/c/510e1a724ab1bf38150be2c1acabb303f98d0047 - Patch
References	~~() https://git.kernel.org/stable/c/de4afec2d2946c92c62a15ab341c70b287289e6a -~~	() https://git.kernel.org/stable/c/de4afec2d2946c92c62a15ab341c70b287289e6a - Patch
CPE		cpe:2.3:o:linux:linux_kernel:5.15:rc1:::::: cpe:2.3:o:linux:linux_kernel::::::::

Information

Published : 2024-05-21 15:15

Updated : 2025-05-12 19:52

NVD link : CVE-2021-47374

Mitre link : CVE-2021-47374

CVE.ORG link : CVE-2021-47374

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-770

Allocation of Resources Without Limits or Throttling

{"id": "CVE-2021-47374", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-05-21T15:15:23.223", "references": [{"url": "https://git.kernel.org/stable/c/510e1a724ab1bf38150be2c1acabb303f98d0047", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/de4afec2d2946c92c62a15ab341c70b287289e6a", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/510e1a724ab1bf38150be2c1acabb303f98d0047", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/de4afec2d2946c92c62a15ab341c70b287289e6a", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-770"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma-debug: prevent an error message from causing runtime problems\n\nFor some drivers, that use the DMA API. This error message can be reached\nseveral millions of times per second, causing spam to the kernel's printk\nbuffer and bringing the CPU usage up to 100% (so, it should be rate\nlimited). However, since there is at least one driver that is in the\nmainline and suffers from the error condition, it is more useful to\nerr_printk() here instead of just rate limiting the error message (in hopes\nthat it will make it easier for other drivers that suffer from this issue\nto be spotted)."}, {"lang": "es", "value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: dma-debug: evita que un mensaje de error cause problemas de tiempo de ejecuci\u00f3n Para algunos controladores, que utilizan la API DMA. Este mensaje de error puede aparecer varios millones de veces por segundo, provocando spam en el b\u00fafer printk del kernel y elevando el uso de la CPU hasta el 100% (por lo tanto, deber\u00eda tener una velocidad limitada). Sin embargo, dado que hay al menos un controlador que est\u00e1 en la l\u00ednea principal y sufre la condici\u00f3n de error, es m\u00e1s \u00fatil err_printk() aqu\u00ed en lugar de simplemente limitar el valor del mensaje de error (con la esperanza de que as\u00ed sea m\u00e1s f\u00e1cil para otros controladores). que sufren este problema para ser detectados)."}], "lastModified": "2025-05-12T19:52:58.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3920349-3546-4942-8807-8BC57C8D46BC", "versionEndExcluding": "5.14.9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.15:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E46C74C6-B76B-4C94-A6A4-FD2FFF62D644"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}