CVE-2021-47559

In the Linux kernel, the following vulnerability has been resolved: net/smc: Fix NULL pointer dereferencing in smc_vlan_by_tcpsk() Coverity reports a possible NULL dereferencing problem: in smc_vlan_by_tcpsk(): 6. returned_null: netdev_lower_get_next returns NULL (checked 29 out of 30 times). 7. var_assigned: Assigning: ndev = NULL return value from netdev_lower_get_next. 1623 ndev = (struct net_device *)netdev_lower_get_next(ndev, &lower); CID 1468509 (#1 of 1): Dereference null return value (NULL_RETURNS) 8. dereference: Dereferencing a pointer that might be NULL ndev when calling is_vlan_dev. 1624 if (is_vlan_dev(ndev)) { Remove the manual implementation and use netdev_walk_all_lower_dev() to iterate over the lower devices. While on it remove an obsolete function parameter comment.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/587acad41f1bc48e16f42bb2aca63bf323380be8	Patch
https://git.kernel.org/stable/c/bb851d0fb02547d03cd40106b5f2391c4fed6ed1	Patch
https://git.kernel.org/stable/c/c94cbd262b6aa3b54d73a1ed1f9c0d19df57f4ff	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

10 Jun 2024, 19:22

Type	Values Removed	Values Added
CPE		cpe:2.3:o:linux:linux_kernel::::::::
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/smc: corrige la desreferenciación del puntero NULL en smc_vlan_by_tcpsk() Coverity informa un posible problema de desreferenciación de NULL: en smc_vlan_by_tcpsk(): 6. return_null: netdev_lower_get_next devuelve NULL (comprobado 29 de 30 veces). 7. var_assigned: Asignación: ndev = valor de retorno NULL de netdev_lower_get_next. 1623 ndev = (struct net_device *)netdev_lower_get_next(ndev, &lower); CID 1468509 (#1 de 1): Desreferenciar valor de retorno nulo (NULL_RETURNS) 8. desreferencia: Desreferenciar un puntero que podría ser NULL ndev al llamar a is_vlan_dev. 1624 if (is_vlan_dev(ndev)) { Elimine la implementación manual y use netdev_walk_all_lower_dev() para iterar sobre los dispositivos inferiores. Mientras esté en él, elimine un comentario de parámetro de función obsoleto.
First Time		Linux Linux linux Kernel
References	~~() https://git.kernel.org/stable/c/587acad41f1bc48e16f42bb2aca63bf323380be8 -~~	() https://git.kernel.org/stable/c/587acad41f1bc48e16f42bb2aca63bf323380be8 - Patch
References	~~() https://git.kernel.org/stable/c/bb851d0fb02547d03cd40106b5f2391c4fed6ed1 -~~	() https://git.kernel.org/stable/c/bb851d0fb02547d03cd40106b5f2391c4fed6ed1 - Patch
References	~~() https://git.kernel.org/stable/c/c94cbd262b6aa3b54d73a1ed1f9c0d19df57f4ff -~~	() https://git.kernel.org/stable/c/c94cbd262b6aa3b54d73a1ed1f9c0d19df57f4ff - Patch
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CWE		CWE-476

24 May 2024, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-24 15:15

Updated : 2024-06-10 19:22

NVD link : CVE-2021-47559

Mitre link : CVE-2021-47559

CVE.ORG link : CVE-2021-47559

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-476

NULL Pointer Dereference

5.5 /10