CVE-2021-47560

Summary

In the Linux kernel, the following vulnerability has been resolved:

mlxsw: spectrum: Protect driver from buggy firmware

When processing port up/down events generated by the device's firmware, the driver protects itself from events reported for non-existent local ports, but not the CPU port (local port 0), which exists, but lacks a netdev.

This can result in a NULL pointer dereference when calling netif_carrier_{on,off}().

Fix this by bailing early when processing an event reported for the CPU port. Problem was only observed when running on top of a buggy emulator.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux28b1987ef5064dd5c43538ba1168ef7b801f3cad < 90d0736876c50ecde1a3275636a06b9ddb1cace9affected
LinuxLinux28b1987ef5064dd5c43538ba1168ef7b801f3cad < da4d70199e5d82da664a80077508d6c18f5e76dfaffected
LinuxLinux28b1987ef5064dd5c43538ba1168ef7b801f3cad < 63b08b1f6834bbb0b4f7783bf63b80c8c8e9a047affected
LinuxLinux5.4affected
LinuxLinux0 < 5.4unaffected
LinuxLinux5.10.83 <= 5.10.*unaffected
LinuxLinux5.15.6 <= 5.15.*unaffected
LinuxLinux5.16 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References