CVE-2021-47503

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2021-47503
In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Do not call scsi_remove_host() in pm8001_alloc() Calling scsi_remove_host() before scsi_add_host() results in a crash: BUG: kernel NULL pointer dereference, address: 0000000000000108 RIP: 0010:device_del+0x63/0x440 Call Trace: device_unregister+0x17/0x60 scsi_remove_host+0xee/0x2a0 pm8001_pci_probe+0x6ef/0x1b90 [pm80xx] local_pci_probe+0x3f/0x90 We cannot call scsi_remove_host() in pm8001_alloc() because scsi_add_host() has not been called yet at that point in time. Function call tree: pm8001_pci_probe() | `- pm8001_pci_alloc() | | | `- pm8001_alloc() | | | `- scsi_remove_host() | `- scsi_add_host()

6.2 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://git.kernel.org/stable/c/1e434d2687e8bc0b3cdc9dd093c0e9047c0b4add
https://git.kernel.org/stable/c/653926205741add87a6cf452e21950eebc6ac10b
https://git.kernel.org/stable/c/f8dccc1bdea7e21b5ec06c957aef8831c772661c
Configurations

No configuration.

History

03 Jul 2024, 01:38

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.2
CWE CWE-476
Summary
  • (es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: pm80xx: No llamar a scsi_remove_host() en pm8001_alloc() Llamar a scsi_remove_host() antes de scsi_add_host() produce un bloqueo: ERROR: desreferencia del puntero NULL del kernel, dirección: 00000000000000108 RIP : 0010:device_del+0x63/0x440 Seguimiento de llamadas: device_unregister+0x17/0x60 scsi_remove_host+0xee/0x2a0 pm8001_pci_probe+0x6ef/0x1b90 [pm80xx] local_pci_probe+0x3f/0x90 No podemos llamar a scsi_remove_host() en pm8001_ alloc() porque scsi_add_host() no lo ha hecho sido llamado todavía en ese momento. Árbol de llamadas a funciones: pm8001_pci_probe() | `- pm8001_pci_alloc() | | | `- pm8001_alloc() | | | `- scsi_remove_host() | `- scsi_add_host()

24 May 2024, 15:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-05-24 15:15

Updated : 2024-07-03 01:38

NVD link : CVE-2021-47503

Mitre link : CVE-2021-47503

CVE.ORG link : CVE-2021-47503

JSON object : View

Products Affected

No product.

CWE
CWE-476

NULL Pointer Dereference