CVE-2021-47164

Summary

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5e: Fix null deref accessing lag dev

It could be the lag dev is null so stop processing the event. In bond_enslave() the active/backup slave being set before setting the upper dev so first event is without an upper dev. After setting the upper dev with bond_master_upper_dev_link() there is a second event and in that event we have an upper dev.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux7e51891a237f9ea319f53f9beb83afb0077d88e6 < 2e4b0b95a489259f9d35a3db17023061f8f3d587affected
LinuxLinux7e51891a237f9ea319f53f9beb83afb0077d88e6 < bdfd3593a8248eea6ecfcbf7b47b56b86515672daffected
LinuxLinux7e51891a237f9ea319f53f9beb83afb0077d88e6 < 83026d83186bc48bb41ee4872f339b83f31dfc55affected
LinuxLinux5.8affected
LinuxLinux0 < 5.8unaffected
LinuxLinux5.10.42 <= 5.10.*unaffected
LinuxLinux5.12.9 <= 5.12.*unaffected
LinuxLinux5.13 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References