vulnerability
Oracle Linux: CVE-2021-47609: ELSA-2024-7000: kernel security update (IMPORTANT)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:L/AC:L/Au:M/C:C/I:C/A:C) | Jun 19, 2024 | Oct 16, 2024 | Jul 17, 2025 |
Severity
6
CVSS
(AV:L/AC:L/Au:M/C:C/I:C/A:C)
Published
Jun 19, 2024
Added
Oct 16, 2024
Modified
Jul 17, 2025
Description
In the Linux kernel, the following vulnerability has been resolved:
firmware: arm_scpi: Fix string overflow in SCPI genpd driver
Without the bound checks for scpi_pd->name, it could result in the buffer
overflow when copying the SCPI device name from the corresponding device
tree node as the name string is set at maximum size of 30.
Let us fix it by using devm_kasprintf so that the string buffer is
allocated dynamically.
firmware: arm_scpi: Fix string overflow in SCPI genpd driver
Without the bound checks for scpi_pd->name, it could result in the buffer
overflow when copying the SCPI device name from the corresponding device
tree node as the name string is set at maximum size of 30.
Let us fix it by using devm_kasprintf so that the string buffer is
allocated dynamically.
Solution
oracle-linux-upgrade-kernel
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.