VDB
CISA-2021-47560
CISA-2021-47560
PUBLISHED
Reported by Linux · Published May 24, 2024
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum: Protect driver from buggy firmware When processing port up/down events generated by the device's firmware, the driver protects itself from events reported for non-existent local ports, but not the CPU port (local port 0), which exists, but lacks a netdev. This can result in a NULL pointer dereference when calling netif_carrier_{on,off}(). Fix this by bailing early when processing an event reported for the CPU port. Problem was only observed when running on top of a buggy emulator.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | 28b1987ef5064dd5c43538ba1168ef7b801f3cad, 28b1987ef5064dd5c43538ba1168ef7b801f3cad, 28b1987ef5064dd5c43538ba1168ef7b801f3cad |
| Linux | Linux | 5.4, 0, 5.10.83 |
| Linux | Linux | 28b1987ef5064dd5c43538ba1168ef7b801f3cad, 28b1987ef5064dd5c43538ba1168ef7b801f3cad, 28b1987ef5064dd5c43538ba1168ef7b801f3cad |
Timeline
- May 24, 2024 CVE Published
- Dec 19, 2024 CVE Updated