CVE-2021-47565

Severity CVSS v4.0:
Pending analysis
Type:
CWE-416 Use After Free
Publication date:
24/05/2024
Last modified:
18/09/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> scsi: mpt3sas: Fix kernel panic during drive powercycle test<br /> <br /> While looping over shost&amp;#39;s sdev list it is possible that one<br /> of the drives is getting removed and its sas_target object is<br /> freed but its sdev object remains intact.<br /> <br /> Consequently, a kernel panic can occur while the driver is trying to access<br /> the sas_address field of sas_target object without also checking the<br /> sas_target object for NULL.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 3.8 (including) 4.4.294 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.5 (including) 4.9.292 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.10 (including) 4.14.257 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.15 (including) 4.19.219 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.20 (including) 5.4.163 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.5 (including) 5.10.83 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.11 (including) 5.15.6 (excluding)
cpe:2.3:o:linux:linux_kernel:5.16:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.16:rc2:*:*:*:*:*:*