Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-47560

Опубликовано: 24 мая 2024
Источник: nvd
CVSS3: 5.5
EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved:

mlxsw: spectrum: Protect driver from buggy firmware

When processing port up/down events generated by the device's firmware, the driver protects itself from events reported for non-existent local ports, but not the CPU port (local port 0), which exists, but lacks a netdev.

This can result in a NULL pointer dereference when calling netif_carrier_{on,off}().

Fix this by bailing early when processing an event reported for the CPU port. Problem was only observed when running on top of a buggy emulator.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 5.4 (включая) до 5.10.83 (исключая)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Версия от 5.11 (включая) до 5.15.6 (исключая)
cpe:2.3:o:linux:linux_kernel:5.16:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.16:rc2:*:*:*:*:*:*

EPSS

Процентиль: 12%
0.00042
Низкий

5.5 Medium

CVSS3

Дефекты

CWE-476

Связанные уязвимости

ubuntu логотип

CVE-2021-47560

CVSS3: 5.5
ubuntu
около 1 года назад

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum: Protect driver from buggy firmware When processing port up/down events generated by the device's firmware, the driver protects itself from events reported for non-existent local ports, but not the CPU port (local port 0), which exists, but lacks a netdev. This can result in a NULL pointer dereference when calling netif_carrier_{on,off}(). Fix this by bailing early when processing an event reported for the CPU port. Problem was only observed when running on top of a buggy emulator.

redhat логотип

CVE-2021-47560

CVSS3: 4.4
redhat
около 1 года назад

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum: Protect driver from buggy firmware When processing port up/down events generated by the device's firmware, the driver protects itself from events reported for non-existent local ports, but not the CPU port (local port 0), which exists, but lacks a netdev. This can result in a NULL pointer dereference when calling netif_carrier_{on,off}(). Fix this by bailing early when processing an event reported for the CPU port. Problem was only observed when running on top of a buggy emulator.

debian логотип

CVE-2021-47560

CVSS3: 5.5
debian
около 1 года назад

In the Linux kernel, the following vulnerability has been resolved: m ...

fstec логотип

BDU:2024-10670

CVSS3: 5.5
fstec
около 1 года назад

Уязвимость компонента spectrum ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

redos логотип

ROS-20241127-02

CVSS3: 7.8
redos
7 месяцев назад

Множественные уязвимости kernel-lt

EPSS

Процентиль: 12%
0.00042
Низкий

5.5 Medium

CVSS3

Дефекты

CWE-476