The vulnerability, CVE-2021-47308, is an out-of-bounds array index in the `fc_rport_prli_resp()` function within the `libfc` module of the Linux kernel's SCSI subsystem. This function is responsible for handling PRLI (Process Login) responses from Fibre Channel targets.
The issue arises when the function attempts to access an array element using an index that exceeds the bounds of the array, leading to undefined behavior and potential security risks. The vulnerability has been fixed in various kernel versions, including 4.14.241, 4.19.199, 5.4.135, 5.10.53, and 5.13.5.
The fix involves updating the `fc_rport_prli_resp()` function to ensure that array indices are properly validated before accessing array elements. The affected file is `drivers/scsi/libfc/fc_rport.c`. Users are advised to update to the latest stable kernel version to resolve this issue, as individual changes are not tested or supported by the Linux kernel community.
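
The validation pattern described above, as an added example (not the kernel's code and not from the original page): a user-space C model that assumes the index is a type byte taken from the peer's response. `handle_login_resp`, `providers`, `PROV_TABLE_SIZE` and the return codes are hypothetical names, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical user-space model; none of these names come from libfc. */
#define PROV_TABLE_SIZE 16 /* assumed number of table slots */

struct provider { int (*on_login)(uint8_t type); };

static int accept_login(uint8_t type) { return type; }
static const struct provider sample_provider = { accept_login };

/* Sparse table: only slot 0x08 is registered in this model. */
static const struct provider *providers[PROV_TABLE_SIZE] = {
    [0x08] = &sample_provider,
};

enum { LOGIN_HANDLED = 0, LOGIN_NO_PROVIDER = 1, LOGIN_BAD_FRAME = -1 };

/* resp[0] is a type byte chosen by the remote peer (assumed layout). */
int handle_login_resp(const uint8_t *resp, size_t len)
{
    if (resp == NULL || len < 1)
        return LOGIN_BAD_FRAME;

    uint8_t type = resp[0];

    /* Validate before indexing: a uint8_t spans 0..255, the table has 16 slots. */
    if (type >= PROV_TABLE_SIZE)
        return LOGIN_NO_PROVIDER;

    const struct provider *prov = providers[type];
    if (prov == NULL) /* in range, but nothing registered */
        return LOGIN_NO_PROVIDER;

    prov->on_login(type);
    return LOGIN_HANDLED;
}

int main(void)
{
    /* Constructed sample responses: registered, empty slot, first bad index, max. */
    const uint8_t samples[] = { 0x08, 0x01, 0x10, 0xff };
    for (size_t i = 0; i < sizeof samples; i++)
        printf("type 0x%02x -> %d\n", samples[i],
               handle_login_resp(&samples[i], 1));
    return 0;
}
```

Without the range check, any type value of 16 or above would read a pointer from memory past the end of `providers` and then call through it.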