CVE-2021-47215

low-risk
Published 2024-04-10

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: kTLS, Fix crash in RX resync flow For the TLS RX resync flow, we maintain a list of TLS contexts that require some attention, to communicate their resync information to the HW. Here we fix list corruptions, by protecting the entries against movements coming from resync_handle_seq_match(), until their resync handling in napi is fully completed.

Do I need to act?

-
0.02% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10 Medium
LOCAL / LOW complexity

Affected Products (2)

Affected Vendors

Linux

References (4)

Patch https://git.kernel.org/stable/c/cc4a9cc03faa6d8db1a6954bb536f2c1e63bdff6
Patch https://git.kernel.org/stable/c/ebeda7a9528ae690e6bf12791a868f0cca8391f2
Patch https://git.kernel.org/stable/c/cc4a9cc03faa6d8db1a6954bb536f2c1e63bdff6
Patch https://git.kernel.org/stable/c/ebeda7a9528ae690e6bf12791a868f0cca8391f2
25
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 7/34 · Low