VDB

CISA-2021-47560

CISA-2021-47560 PUBLISHED

Reported by Linux · Published May 24, 2024

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum: Protect driver from buggy firmware When processing port up/down events generated by the device's firmware, the driver protects itself from events reported for non-existent local ports, but not the CPU port (local port 0), which exists, but lacks a netdev. This can result in a NULL pointer dereference when calling netif_carrier_{on,off}(). Fix this by bailing early when processing an event reported for the CPU port. Problem was only observed when running on top of a buggy emulator.

Affected Products

VendorProductVersions
LinuxLinux28b1987ef5064dd5c43538ba1168ef7b801f3cad, 28b1987ef5064dd5c43538ba1168ef7b801f3cad, 28b1987ef5064dd5c43538ba1168ef7b801f3cad
LinuxLinux5.4, 0, 5.10.83
LinuxLinux28b1987ef5064dd5c43538ba1168ef7b801f3cad, 28b1987ef5064dd5c43538ba1168ef7b801f3cad, 28b1987ef5064dd5c43538ba1168ef7b801f3cad

Timeline

  • May 24, 2024 CVE Published
  • Dec 19, 2024 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›