CVE-2021-47045
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
scsi: lpfc: Fix null pointer dereference in lpfc_prep_els_iocb()
It is possible to call lpfc_issue_els_plogi() passing a did for which no matching ndlp is found. A call is then made to lpfc_prep_els_iocb() with a null pointer to a lpfc_nodelist structure resulting in a null pointer dereference.
Fix by returning an error status if no valid ndlp is found. Fix up comments regarding ndlp reference counting.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 4430f7fd09ecb037570119e0aacbf0c17b8f98b2 < a09677de458d500b00701f6036baa423d9995408 | affected |
| Linux | Linux | 4430f7fd09ecb037570119e0aacbf0c17b8f98b2 < 9bdcfbed2a9fe24d2c7eaa1bad7c705e18de8cc7 | affected |
| Linux | Linux | 4430f7fd09ecb037570119e0aacbf0c17b8f98b2 < 8dd1c125f7f838abad009b64bff5f0a11afe3cb6 | affected |
| Linux | Linux | 5.11 | affected |
| Linux | Linux | 0 < 5.11 | unaffected |
| Linux | Linux | 5.11.21 <= 5.11.* | unaffected |
| Linux | Linux | 5.12.4 <= 5.12.* | unaffected |
| Linux | Linux | 5.13 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/a09677de458d500b00701f6036baa423d9995408
- https://git.kernel.org/stable/c/9bdcfbed2a9fe24d2c7eaa1bad7c705e18de8cc7
- https://git.kernel.org/stable/c/8dd1c125f7f838abad009b64bff5f0a11afe3cb6
References
- https://git.kernel.org/stable/c/a09677de458d500b00701f6036baa423d9995408
- https://git.kernel.org/stable/c/9bdcfbed2a9fe24d2c7eaa1bad7c705e18de8cc7
- https://git.kernel.org/stable/c/8dd1c125f7f838abad009b64bff5f0a11afe3cb6
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.