CVE-2021-47486

In the Linux kernel, the following vulnerability has been resolved: riscv, bpf: Fix potential NULL dereference The bpf_jit_binary_free() function requires a non-NULL argument. When the RISC-V BPF JIT fails to converge in NR_JIT_ITERATIONS steps, jit_data->header will be NULL, which triggers a NULL dereference. Avoid this by checking the argument, prior calling the function.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/27de809a3d83a6199664479ebb19712533d6fd9b
https://git.kernel.org/stable/c/cac6b043cea3e120f4fccec16f7381747cbfdc0d
https://git.kernel.org/stable/c/e1b80a5ebe5431caeb20f88c32d4a024777a2d41

Configurations

No configuration.

History

03 Jul 2024, 01:38

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
Summary		(es) En el kernel de Linux, se resolvió la siguiente vulnerabilidad: riscv, bpf: corrige una posible desreferencia NULL La función bpf_jit_binary_free() requiere un argumento que no sea NULL. Cuando el JIT BPF de RISC-V no logra converger en los pasos NR_JIT_ITERATION, jit_data->header será NULL, lo que desencadena una desreferencia NULL. Evite esto verificando el argumento antes de llamar a la función.
CWE		CWE-476

22 May 2024, 09:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-22 09:15

Updated : 2024-07-03 01:38

NVD link : CVE-2021-47486

Mitre link : CVE-2021-47486

CVE.ORG link : CVE-2021-47486

JSON object : View

Products Affected

No product.

CWE

CWE-476

NULL Pointer Dereference

7.5 /10