Vulnerabilities > CVE-2021-47560 - NULL Pointer Dereference vulnerability in Linux Kernel
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum: Protect driver from buggy firmware When processing port up/down events generated by the device's firmware, the driver protects itself from events reported for non-existent local ports, but not the CPU port (local port 0), which exists, but lacks a netdev. This can result in a NULL pointer dereference when calling netif_carrier_{on,off}(). Fix this by bailing early when processing an event reported for the CPU port. Problem was only observed when running on top of a buggy emulator.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://git.kernel.org/stable/c/63b08b1f6834bbb0b4f7783bf63b80c8c8e9a047
- https://git.kernel.org/stable/c/63b08b1f6834bbb0b4f7783bf63b80c8c8e9a047
- https://git.kernel.org/stable/c/90d0736876c50ecde1a3275636a06b9ddb1cace9
- https://git.kernel.org/stable/c/90d0736876c50ecde1a3275636a06b9ddb1cace9
- https://git.kernel.org/stable/c/da4d70199e5d82da664a80077508d6c18f5e76df
- https://git.kernel.org/stable/c/da4d70199e5d82da664a80077508d6c18f5e76df