{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2021-47478","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-05-22T06:20:56.200Z","datePublished":"2024-05-22T08:19:31.521Z","dateUpdated":"2025-12-18T11:37:37.785Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-12-18T11:37:37.785Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nisofs: Fix out of bound access for corrupted isofs image\n\nWhen isofs image is suitably corrupted isofs_read_inode() can read data\nbeyond the end of buffer. Sanity-check the directory entry length before\nusing it."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/isofs/inode.c"],"versions":[{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"156ce5bb6cc43a80a743810199defb1dc3f55b7f","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"9ec33a9b8790c212cc926a88c5e2105f97f3f57e","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"afbd40f425227e661d991757e11cc4db024e761f","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"b0ddff8d68f2e43857a84dce54c3deab181c8ae1","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"6e80e9314f8bb52d9eabe1907698718ff01120f5","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"86d4aedcbc69c0f84551fb70f953c24e396de2d7","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"b2fa1f52d22c5455217b294629346ad23a744945","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"e7fb722586a2936b37bdff096c095c30ca06404d","status":"affected","versionType":"git"},{"version":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","lessThan":"e96a1866b40570b5950cda8602c2819189c62a48","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/isofs/inode.c"],"versions":[{"version":"2.6.12","status":"affected"},{"version":"0","lessThan":"2.6.12","status":"unaffected","versionType":"semver"},{"version":"4.4.292","lessThanOrEqual":"4.4.*","status":"unaffected","versionType":"semver"},{"version":"4.9.290","lessThanOrEqual":"4.9.*","status":"unaffected","versionType":"semver"},{"version":"4.14.255","lessThanOrEqual":"4.14.*","status":"unaffected","versionType":"semver"},{"version":"4.19.217","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.159","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.79","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.14.18","lessThanOrEqual":"5.14.*","status":"unaffected","versionType":"semver"},{"version":"5.15.2","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"5.16","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"4.4.292"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"4.9.290"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"4.14.255"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"4.19.217"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"5.4.159"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"5.10.79"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"5.14.18"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"5.15.2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.12","versionEndExcluding":"5.16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/156ce5bb6cc43a80a743810199defb1dc3f55b7f"},{"url":"https://git.kernel.org/stable/c/9ec33a9b8790c212cc926a88c5e2105f97f3f57e"},{"url":"https://git.kernel.org/stable/c/afbd40f425227e661d991757e11cc4db024e761f"},{"url":"https://git.kernel.org/stable/c/b0ddff8d68f2e43857a84dce54c3deab181c8ae1"},{"url":"https://git.kernel.org/stable/c/6e80e9314f8bb52d9eabe1907698718ff01120f5"},{"url":"https://git.kernel.org/stable/c/86d4aedcbc69c0f84551fb70f953c24e396de2d7"},{"url":"https://git.kernel.org/stable/c/b2fa1f52d22c5455217b294629346ad23a744945"},{"url":"https://git.kernel.org/stable/c/e7fb722586a2936b37bdff096c095c30ca06404d"},{"url":"https://git.kernel.org/stable/c/e96a1866b40570b5950cda8602c2819189c62a48"}],"title":"isofs: Fix out of bound access for corrupted isofs image","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-125","lang":"en","description":"CWE-125 Out-of-bounds Read"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":5.5,"attackVector":"LOCAL","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"LOW","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2024-05-29T18:36:21.366364Z","id":"CVE-2021-47478","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-11-07T15:12:42.793Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T05:39:59.618Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/156ce5bb6cc43a80a743810199defb1dc3f55b7f","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/9ec33a9b8790c212cc926a88c5e2105f97f3f57e","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/afbd40f425227e661d991757e11cc4db024e761f","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/b0ddff8d68f2e43857a84dce54c3deab181c8ae1","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/6e80e9314f8bb52d9eabe1907698718ff01120f5","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/86d4aedcbc69c0f84551fb70f953c24e396de2d7","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/b2fa1f52d22c5455217b294629346ad23a744945","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/e7fb722586a2936b37bdff096c095c30ca06404d","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/e96a1866b40570b5950cda8602c2819189c62a48","tags":["x_transferred"]}]}]}}