CVE-2021-47333

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-47333
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-47333.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-47333
Related
Published
2024-05-21T15:15:20Z
Modified
2024-10-31T18:49:16.951932Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

misc: alcor_pci: fix null-ptr-deref when there is no PCI bridge

There is an issue with the ASPM(optional) capability checking function. A device might be attached to root complex directly, in this case, bus->self(bridge) will be NULL, thus priv->parentpdev is NULL. Since alcorpciinitcheckaspm(priv->parentpdev) checks the PCI link's ASPM capability and populate parentcapoff, which will be used later by alcorpciaspmctrl() to dynamically turn on/off device, what we can do here is to avoid checking the capability if we are on the root complex. This will make pdevcapoff 0 and alcorpciaspmctrl() will simply return when bring called, effectively disable ASPM for the device.

[ 1.246492] BUG: kernel NULL pointer dereference, address: 00000000000000c0 [ 1.248731] RIP: 0010:pcireadconfigbyte+0x5/0x40 [ 1.253998] Call Trace: [ 1.254131] ? alcorpcifindcapoffset.isra.0+0x3a/0x100 [alcorpci] [ 1.254476] alcorpciprobe+0x169/0x2d5 [alcor_pci]

References

Affected packages

Debian:11 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.10.70-1

Affected versions

5.*

5.10.46-4
5.10.46-5
5.10.70-1~bpo10+1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}