CVE-2021-47003
Severity CVSS v4.0:
Pending analysis
Type:
CWE-476
NULL Pointer Dereference
Publication date:
28/02/2024
Last modified:
09/12/2024
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
dmaengine: idxd: Fix potential null dereference on pointer status<br />
<br />
There are calls to idxd_cmd_exec that pass a null status pointer however<br />
a recent commit has added an assignment to *status that can end up<br />
with a null pointer dereference. The function expects a null status<br />
pointer sometimes as there is a later assignment to *status where<br />
status is first null checked. Fix the issue by null checking status<br />
before making the assignment.<br />
<br />
Addresses-Coverity: ("Explicit null dereferenced")
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.10.17 (including) | 5.10.38 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.11.22 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.12 (including) | 5.12.5 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/2280b4cc29d8cdd2be3d1b2d1ea4f958e2131c97
- https://git.kernel.org/stable/c/28ac8e03c43dfc6a703aa420d18222540b801120
- https://git.kernel.org/stable/c/5756f757c72501ef1a16f5f63f940623044180e9
- https://git.kernel.org/stable/c/7bc402f843e7817a4a808e7b9ab0bcd7ffd55bfa
- https://git.kernel.org/stable/c/2280b4cc29d8cdd2be3d1b2d1ea4f958e2131c97
- https://git.kernel.org/stable/c/28ac8e03c43dfc6a703aa420d18222540b801120
- https://git.kernel.org/stable/c/5756f757c72501ef1a16f5f63f940623044180e9
- https://git.kernel.org/stable/c/7bc402f843e7817a4a808e7b9ab0bcd7ffd55bfa