CVE-2021-47003

Summary

In the Linux kernel, the following vulnerability has been resolved:

dmaengine: idxd: Fix potential null dereference on pointer status

There are calls to idxd_cmd_exec that pass a null status pointer however a recent commit has added an assignment to *status that can end up with a null pointer dereference. The function expects a null status pointer sometimes as there is a later assignment to *status where status is first null checked. Fix the issue by null checking status before making the assignment.

Addresses-Coverity: ("Explicit null dereferenced")

Affected Software

VendorProductVersion RangeStatus
LinuxLinux40e3b5c128645d2ddad12310c7be98758cafb2b0 < 5756f757c72501ef1a16f5f63f940623044180e9affected
LinuxLinux89e3becd8f821e507052e012d2559dcda59f538e < 2280b4cc29d8cdd2be3d1b2d1ea4f958e2131c97affected
LinuxLinux89e3becd8f821e507052e012d2559dcda59f538e < 7bc402f843e7817a4a808e7b9ab0bcd7ffd55bfaaffected
LinuxLinux89e3becd8f821e507052e012d2559dcda59f538e < 28ac8e03c43dfc6a703aa420d18222540b801120affected
LinuxLinux5.10.17 < 5.10.38affected
LinuxLinux5.11affected
LinuxLinux0 < 5.11unaffected
LinuxLinux5.10.38 <= 5.10.*unaffected
LinuxLinux5.11.22 <= 5.11.*unaffected
LinuxLinux5.12.5 <= 5.12.*unaffected
LinuxLinux5.13 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References