CVE-2021-47005

Severity CVSS v4.0: Pending analysis
Type: CWE-476 NULL Pointer Dereference
Publication date: 28/02/2024
Last modified: 09/12/2024

Description

In the Linux kernel, the following vulnerability has been resolved:

PCI: endpoint: Fix NULL pointer dereference for ->get_features()

get_features ops of pci_epc_ops may return NULL, causing NULL pointer
dereference in pci_epf_test_alloc_space function. Let us add a check for
pci_epc_feature pointer in pci_epf_test_bind before we access it to avoid
any such NULL pointer dereference and return -ENOTSUPP in case
pci_epc_feature is not found.

When the patch is not applied and EPC features is not implemented in the
platform driver, we see the following dump due to kernel NULL pointer
dereference.

Call trace:
pci_epf_test_bind+0xf4/0x388
pci_epf_bind+0x3c/0x80
pci_epc_epf_link+0xa8/0xcc
configfs_symlink+0x1a4/0x48c
vfs_symlink+0x104/0x184
do_symlinkat+0x80/0xd4
__arm64_sys_symlinkat+0x1c/0x24
el0_svc_common.constprop.3+0xb8/0x170
el0_svc_handler+0x70/0x88
el0_svc+0x8/0x640
Code: d2800581 b9403ab9 f9404ebb 8b394f60 (f9400400)
---[ end trace a438e3c5a24f9df0 ]---
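
A user-space C model of the check the description calls for, added here as an illustration and not taken from the kernel patch. The `model_*` names, the struct layouts, the three constructed controllers and the `MODEL_ENOTSUPP` constant (mirroring the kernel-internal ENOTSUPP value) are assumptions.

```c
#include <stddef.h>
#include <stdio.h>

/* Kernel-internal ENOTSUPP is 524; user-space errno.h does not define it. */
#define MODEL_ENOTSUPP 524

/* Simplified stand-ins for pci_epc_features / pci_epc_ops / pci_epc (assumed layout). */
struct model_features { int msi_capable; };
struct model_ops { const struct model_features *(*get_features)(void); };
struct model_epc { const struct model_ops *ops; };

static const struct model_features feat = { .msi_capable = 1 };
static const struct model_features *gf_ok(void)   { return &feat; }
static const struct model_features *gf_null(void) { return NULL; }

/* Constructed controllers: op implemented, op returning NULL, op absent. */
static const struct model_ops ops_ok = { .get_features = gf_ok };
static const struct model_ops ops_null = { .get_features = gf_null };
static const struct model_ops ops_missing = { .get_features = NULL };
const struct model_epc epc_ok = { &ops_ok };
const struct model_epc epc_null = { &ops_null };
const struct model_epc epc_missing = { &ops_missing };

/* Lookup helper: yields NULL both when the op is absent and when it returns NULL. */
static const struct model_features *model_get_features(const struct model_epc *epc)
{
    if (!epc->ops->get_features)
        return NULL;
    return epc->ops->get_features();
}

/* Bind step with the check from the description: test before dereferencing. */
int model_bind(const struct model_epc *epc, int *msi_capable)
{
    const struct model_features *f = model_get_features(epc);

    if (!f)
        return -MODEL_ENOTSUPP;   /* without this, f->msi_capable faults */
    *msi_capable = f->msi_capable;
    return 0;
}

int main(void)
{
    int msi = 0;
    printf("ok=%d null=%d missing=%d\n", model_bind(&epc_ok, &msi),
           model_bind(&epc_null, &msi), model_bind(&epc_missing, &msi));
    return 0;
}
```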

Vulnerable products and versions

CPE                                            From               Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   5.1 (including)    5.10.38 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   5.11 (including)   5.11.22 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   5.12 (including)   5.12.5 (excluding)