Resource Injection Affecting kernel-debuginfo package, versions <0:4.14.238-182.421.amzn2
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-AMZN2-KERNELDEBUGINFO-7172227
- published 31 May 2024
- disclosed 25 Mar 2024
Introduced: 25 Mar 2024
CVE-2021-47166 Open this link in a new tabHow to fix?
Upgrade Amazon-Linux:2 kernel-debuginfo to version 0:4.14.238-182.421.amzn2 or higher.
This issue was patched in ALAS2-2021-1685.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-debuginfo package and not the kernel-debuginfo package as distributed by Amazon-Linux.
See How to fix? for Amazon-Linux:2 relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
NFS: Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce()
The value of mirror->pg_bytes_written should only be updated after a successful attempt to flush out the requests on the list.
References
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47166
- https://git.kernel.org/stable/c/0d0ea309357dea0d85a82815f02157eb7fcda39f
- https://git.kernel.org/stable/c/2fe1cac336b55a1f79e603e9ce3552c3623e90eb
- https://git.kernel.org/stable/c/40f139a6d50c232c0d1fd1c5e65a845c62db0ede
- https://git.kernel.org/stable/c/7087db95c0a06ab201b8ebfac6a7ec1e34257997
- https://git.kernel.org/stable/c/785917316b25685c9b3a2a88f933139f2de75e33
- https://git.kernel.org/stable/c/b291baae24f876acd5a5dd57d0bb2bbac8a68b0c
- https://git.kernel.org/stable/c/c757c1f1e65d89429db1409429436cf40d47c008
- https://git.kernel.org/stable/c/e8b8418ce14ae66ee55179901edd12191ab06a9e