CVE-2021-47005
See a problem?- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-47005
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-47005.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-47005
- Related
- Published
- 2024-02-28T09:15:38Z
- Modified
- 2024-09-11T02:00:05Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
PCI: endpoint: Fix NULL pointer dereference for ->get_features()
getfeatures ops of pciepcops may return NULL, causing NULL pointer dereference in pciepftestallocspace function. Let us add a check for pciepcfeature pointer in pciepftestbind before we access it to avoid any such NULL pointer dereference and return -ENOTSUPP in case pciepcfeature is not found.
When the patch is not applied and EPC features is not implemented in the platform driver, we see the following dump due to kernel NULL pointer dereference.
Call trace: pciepftestbind+0xf4/0x388 pciepfbind+0x3c/0x80 pciepcepflink+0xa8/0xcc configfssymlink+0x1a4/0x48c vfssymlink+0x104/0x184 dosymlinkat+0x80/0xd4 _arm64syssymlinkat+0x1c/0x24 el0svccommon.constprop.3+0xb8/0x170 el0svchandler+0x70/0x88 el0_svc+0x8/0x640 Code: d2800581 b9403ab9 f9404ebb 8b394f60 (f9400400) ---[ end trace a438e3c5a24f9df0 ]---
- References
-
- https://git.kernel.org/stable/c/0169d4f0bee44fdfef908c13ed21fcb326c38695
- https://git.kernel.org/stable/c/6613bc2301ba291a1c5a90e1dc24cf3edf223c03
- https://git.kernel.org/stable/c/679ebad058b8168f10e63876d63b0877fd2fe784
- https://git.kernel.org/stable/c/bbed83d7060e07a5d309104d25a00f0a24441428
- https://security-tracker.debian.org/tracker/CVE-2021-47005
Affected packages
Debian:11 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source