What is CVE-2021-47297?

CVE-2021-47297 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10. CVE-2021-47297 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2021-47297?

CVE-2021-47297 has a CVSS score of 5.5 out of 10, rated Medium severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Is there a patch available for CVE-2021-47297?

No patch is currently available for CVE-2021-47297. Monitor the NIST NVD and your Linux distribution's security advisories for updates.

Is CVE-2021-47297 actively exploited?

CVE-2021-47297 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2021-47297

Medium

In the Linux kernel, the following vulnerability has been resolved: net: fix uninit-value in caif_seqpkt_sendmsg When nr_segs equal to zero in iovec_from_user, the object msg->msg_iter.iov is uninit stack memory in caif_seqpkt_sendmsg which is defined in ___sys_sendmsg. So we cann't just judge msg->msg_iter.iov->base directlly. We can use nr_segs to judge msg in caif_seqpkt_sendmsg whether has data buffers. ===================================================== BUG: KMSAN: uninit-value in caif_seqpkt_sendmsg+0x693/0xf60 net/caif/caif_socket.c:542 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1c9/0x220 lib/dump_stack.c:118 kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:118 __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:215 caif_seqpkt_sendmsg+0x693/0xf60 net/caif/caif_socket.c:542 sock_sendmsg_nosec net/socket.c:652 [inline] sock_sendmsg net/socket.c:672 [inline] ____sys_sendmsg+0x12b6/0x1350 net/socket.c:2343 ___sys_sendmsg net/socket.c:2397 [inline] __sys_sendmmsg+0x808/0xc90 net/socket.c:2480 __compat_sys_sendmmsg net/compat.c:656 [inline]

Package Linux Kernel

Published 2024-05-21

Last modified 2025-04-02

CVSS version 3.1

Patch available

Awaiting data

CVSS 3.1 score

5.5

out of 10

Medium

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Weakness type

CWE-908

CVE-2021-47297 is classified as CWE-908

See CWE-908 on MITRE CWE for full details on this weakness type.

References

The following references provide additional information about CVE-2021-47297 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/1582a02fecffcee306663035a295e28e1c4aaaff
Patch
Kernel patch commit
https://git.kernel.org/stable/c/452c3ed7bf63721b07bc2238ed1261bb26027e85
Patch
Kernel patch commit
https://git.kernel.org/stable/c/5c6d8e2f7187b8e45a18c27acb7a3885f03ee3db
Patch

8 patch commits total View all on NVD

Details

CVE ID CVE-2021-47297

Severity Medium

CVSS score 5.5 / 10

CVSS version 3.1

Published 2024-05-21

Modified 2025-04-02

KEV No

Patch Awaiting data

Package linux

Frequently asked questions

What is CVE-2021-47297?

CVE-2021-47297 is a Medium severity Linux kernel vulnerability with a CVSS score of 5.5 out of 10 . CVE-2021-47297 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2021-47297?

CVE-2021-47297 has a CVSS score of 5.5 out of 10, rated Medium severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Is there a patch available for CVE-2021-47297?

No patch is currently available for CVE-2021-47297. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
Is CVE-2021-47297 actively exploited?

No — CVE-2021-47297 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.