CVE-2021-47055: mtd: require write permissions for locking and badblock ioctls

Published Feb 29, 2024
·
Updated

In the Linux kernel, the following vulnerability has been resolved:

mtd: require write permissions for locking and badblock ioctls

MEMLOCK, MEMUNLOCK and OTPLOCK modify protection bits. Thus require write permission. Depending on the hardware MEMLOCK might even be write-once, e.g. for SPI-NOR flashes with their WP# tied to GND. OTPLOCK is always write-once.

MEMSETBADBLOCK modifies the bad block table.

Other sources

In the Linux kernel, the following vulnerability has been resolved:

mtd: require write permissions for locking and badblock ioctls

The Linux kernel CVE team has assigned CVE-2021-47055 to this issue.

Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024022950-CVE-2021-47055-6927@gregkh/T/#u

Red Hat

Affected Software

22 affected componentsFixes available
redhat/kernel<4.4.269
4.4.269
redhat/kernel<4.9.269
4.9.269
redhat/kernel<4.14.233
4.14.233
redhat/kernel<4.19.191
4.19.191
redhat/kernel<5.4.119
5.4.119
redhat/kernel<5.10.37
5.10.37
redhat/kernel<5.11.21
5.11.21
redhat/kernel<5.12.4
5.12.4
redhat/kernel<5.13
5.13
Linux Linux kernel>=4.4.233<4.4.269
Linux Linux kernel>=4.9.233<4.9.269
Linux Linux kernel>=4.14.194<4.14.233
Linux Linux kernel>=4.19.139<4.19.191
Linux Linux kernel>=5.4.58<5.4.119
Linux Linux kernel>=5.9<5.10.37
Linux Linux kernel>=5.11<5.11.21
Linux Linux kernel>=5.12<5.12.4
IBM Security Verify Governance<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Software Stack<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Virtual Appliance<=ISVG 10.0.2
IBM Security Verify Governance Identity Manager Container<=ISVG 10.0.2
debian/linux
5.10.223-15.10.234-16.1.129-16.1.133-16.12.22-16.12.25-1

Remediation

Patch Available

https://git.kernel.org/stable/c/077259f5e777c3c8821f6b41dee709fcda27306b

Patch Available

https://git.kernel.org/stable/c/1e97743fd180981bef5f01402342bb54bf1c6366

Patch Available

https://git.kernel.org/stable/c/5880afefe0cb9b2d5e801816acd58bfe91a96981

Patch Available

https://git.kernel.org/stable/c/75ed985bd6c8ac1d4e673e93ea9d96c9908c1d37

Patch Available

https://git.kernel.org/stable/c/7b6552719c0ccbbea29dde4be141da54fdb5877e

Patch Available

https://git.kernel.org/stable/c/9625b00cac6630479c0ff4b9fafa88bee636e1f0

Patch Available

https://git.kernel.org/stable/c/a08799d3e8c8088640956237c183f83463c39668

Patch Available

https://git.kernel.org/stable/c/f4d28d8b9b0e7c4ae04214b8d7e0b0466ec6bcaf

Patch Available

https://git.kernel.org/stable/c/f73b29819c6314c0ba8b7d5892dfb03487424bee

Event History

Feb 29, 2024
CVE Published
via MITRE·10:37 PM
Data Sourced
via MITRE·10:37 PM
Description
Mar 1, 2024
Data Sourced
via Red Hat·05:09 AM
DescriptionSeverityAffected Software
Dec 10, 2024
Data Sourced
via Launchpad·09:11 PM
Description
Apr 27, 2025
Data Sourced
via Ubuntu·12:14 AM
RemedyDescriptionSeverityAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2021-47055?

CVE-2021-47055 has a medium severity due to improper permission checks in the Linux kernel.

2

How do I fix CVE-2021-47055?

To fix CVE-2021-47055, you should update your Linux kernel to the specified patched versions such as 4.4.269, 4.9.269, 4.14.233, or others listed in the advisory.

3

Which Linux kernel versions are affected by CVE-2021-47055?

CVE-2021-47055 affects multiple Linux kernel versions prior to the patched versions including 4.4.269, 4.9.269, 4.14.233, and later.

4

Is CVE-2021-47055 specific to any distribution of Linux?

CVE-2021-47055 is applicable to various distributions of Linux that use the affected kernel versions such as Red Hat and Debian.

5

What are the consequences of not addressing CVE-2021-47055?

Failing to address CVE-2021-47055 may lead to unauthorized write access to critical parts of the memory, compromising system integrity.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203