CVE-2021-47186

Summary

In the Linux kernel, the following vulnerability has been resolved:

tipc: check for null after calling kmemdup

kmemdup can return a null pointer so need to check for it, otherwise the null key will be dereferenced later in tipc_crypto_key_xmit as can be seen in the trace [1].

[1] https://syzkaller.appspot.com/bug?id=bca180abb29567b189efdbdb34cbf7ba851c2a58

Affected Software

VendorProductVersion RangeStatus
LinuxLinux1ef6f7c9390ff5308c940ff8d0a53533a4673ad9 < a7d91625863d4ffed63b993b5e6dc1298b6430c9affected
LinuxLinux1ef6f7c9390ff5308c940ff8d0a53533a4673ad9 < 9404c4145542c23019a80ab1bb2ecf73cd057b10affected
LinuxLinux1ef6f7c9390ff5308c940ff8d0a53533a4673ad9 < 3e6db079751afd527bf3db32314ae938dc571916affected
LinuxLinux5.10affected
LinuxLinux0 < 5.10unaffected
LinuxLinux5.10.82 <= 5.10.*unaffected
LinuxLinux5.15.5 <= 5.15.*unaffected
LinuxLinux5.16 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

References