CVE-2021-47486

Summary

In the Linux kernel, the following vulnerability has been resolved:

riscv, bpf: Fix potential NULL dereference

The bpf_jit_binary_free() function requires a non-NULL argument. When the RISC-V BPF JIT fails to converge in NR_JIT_ITERATIONS steps, jit_data->header will be NULL, which triggers a NULL dereference. Avoid this by checking the argument, prior calling the function.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxca6cb5447ceca6a87d6b62c9e5d41042c34f7ffa < cac6b043cea3e120f4fccec16f7381747cbfdc0daffected
LinuxLinuxca6cb5447ceca6a87d6b62c9e5d41042c34f7ffa < e1b80a5ebe5431caeb20f88c32d4a024777a2d41affected
LinuxLinuxca6cb5447ceca6a87d6b62c9e5d41042c34f7ffa < 27de809a3d83a6199664479ebb19712533d6fd9baffected
LinuxLinux5.7affected
LinuxLinux0 < 5.7unaffected
LinuxLinux5.10.77 <= 5.10.*unaffected
LinuxLinux5.14.16 <= 5.14.*unaffected
LinuxLinux5.15 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

CVE Program Container

Additional References

References