CRITICAL🇵🇱 Wersja polska

CVE-2021-47548

CVSS 9.8v3.1pub. 2024-05-24upd. 2025-04-01

In the Linux kernel, the following vulnerability has been resolved: ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() The if statement: if (port >= DSAF_GE_NUM) return; limits the value of port less than DSAF_GE_NUM (i.e., 8). However, if the value of port is 6 or 7, an array overflow could occur: port_rst_off = dsaf_dev->mac_cb[port]->port_rst_off; because the length of dsaf_dev->mac_cb is DSAF_MAX_PORT_NUM (i.e., 6). To fix this possible array overflow, we first check port and if it is greater than or equal to DSAF_MAX_PORT_NUM, the function returns.

🤖 AI Analysis
How it works

The hns_dsaf_ge_srst_by_port() function checks whether the passed port parameter value is less than DSAF_GE_NUM (8), however the dsaf_dev->mac_cb array has a length of DSAF_MAX_PORT_NUM (6). When the port value is 6 or 7, the precondition does not block access, and the code accesses an array element outside its boundaries. The fix consists of adding an earlier check that terminates function execution if port is greater than or equal to DSAF_MAX_PORT_NUM (6).

Impact

An attacker can cause a write outside array boundaries in kernel space, potentially leading to arbitrary code execution (RCE), privilege escalation, or system destabilization.

Mitigation & patch

Apply patches available from the manufacturer according to the references. Fixes have been published in the Linux kernel stable repository under the following commits: 22519eff7df2, 948968f8747650, 99bb25cb6753be, a66998e0fbf213, abbd5faa0748d0.

Who is affected

Linux Kernel — versions indicated in the manufacturer's references (HiSilicon HNS ethernet driver, hns_dsaf_misc component)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Linux Kernel

    OS
    Linux
    5.164.10 – 4.14.257 (bez)4.15 – 4.19.220 (bez)< 4.9.2925.5 – 5.10.84 (bez)5.11 – 5.15.7 (bez)4.20 – 5.4.164 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-10585CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty

CVE-2025-34028CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP

CVE-2022-47986CRITICAL9.8⚠ KEVten sam produkt

IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on t...

CVE-2022-22954CRITICAL9.8⚠ KEVten sam produkt

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-s...

CVE-2020-4006CRITICAL9.1⚠ KEVten sam produkt

VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a...