Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2021-47610

Severity CVSS v4.0:
Pending analysis
Type:
CWE-476 NULL Pointer Dereference
Publication date:
19/06/2024
Last modified:
27/08/2024

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/msm: Fix null ptr access msm_ioctl_gem_submit()<br /> <br /> Fix the below null pointer dereference in msm_ioctl_gem_submit():<br /> <br /> 26545.260705: Call trace:<br /> 26545.263223: kref_put+0x1c/0x60<br /> 26545.266452: msm_ioctl_gem_submit+0x254/0x744<br /> 26545.270937: drm_ioctl_kernel+0xa8/0x124<br /> 26545.274976: drm_ioctl+0x21c/0x33c<br /> 26545.278478: drm_compat_ioctl+0xdc/0xf0<br /> 26545.282428: __arm64_compat_sys_ioctl+0xc8/0x100<br /> 26545.287169: el0_svc_common+0xf8/0x250<br /> 26545.291025: do_el0_svc_compat+0x28/0x54<br /> 26545.295066: el0_svc_compat+0x10/0x1c<br /> 26545.298838: el0_sync_compat_handler+0xa8/0xcc<br /> 26545.303403: el0_sync_compat+0x188/0x1c0<br /> 26545.307445: Code: d503201f d503201f 52800028 4b0803e8 (b8680008)<br /> 26545.318799: Kernel panic - not syncing: Oops: Fatal exception

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 5.50 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x
5.50
Severity 3.x
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.15.10 (excluding)

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools