CVE-2021-47186
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
tipc: check for null after calling kmemdup
kmemdup can return a null pointer so need to check for it, otherwise the null key will be dereferenced later in tipc_crypto_key_xmit as can be seen in the trace [1].
[1] https://syzkaller.appspot.com/bug?id=bca180abb29567b189efdbdb34cbf7ba851c2a58
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 1ef6f7c9390ff5308c940ff8d0a53533a4673ad9 < a7d91625863d4ffed63b993b5e6dc1298b6430c9 | affected |
| Linux | Linux | 1ef6f7c9390ff5308c940ff8d0a53533a4673ad9 < 9404c4145542c23019a80ab1bb2ecf73cd057b10 | affected |
| Linux | Linux | 1ef6f7c9390ff5308c940ff8d0a53533a4673ad9 < 3e6db079751afd527bf3db32314ae938dc571916 | affected |
| Linux | Linux | 5.10 | affected |
| Linux | Linux | 0 < 5.10 | unaffected |
| Linux | Linux | 5.10.82 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.5 <= 5.15.* | unaffected |
| Linux | Linux | 5.16 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/a7d91625863d4ffed63b993b5e6dc1298b6430c9
- https://git.kernel.org/stable/c/9404c4145542c23019a80ab1bb2ecf73cd057b10
- https://git.kernel.org/stable/c/3e6db079751afd527bf3db32314ae938dc571916
References
- https://git.kernel.org/stable/c/a7d91625863d4ffed63b993b5e6dc1298b6430c9
- https://git.kernel.org/stable/c/9404c4145542c23019a80ab1bb2ecf73cd057b10
- https://git.kernel.org/stable/c/3e6db079751afd527bf3db32314ae938dc571916
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.