CVE-2021-47560 Information

May 25, 2024 cve

Description

In the Linux kernel the following vulnerability has been resolved:

mlxsw: spectrum: Protect driver from buggy firmware

When processing port up/down events generated by the device’s firmware the driver protects itself from events reported for non-existent local ports but not the CPU port (local port 0) which exists but lacks a netdev.

This can result in a NULL pointer dereference when calling netif_carrier_onoff().

Fix this by bailing early when processing an event reported for the CPU port. Problem was only observed when running on top of a buggy emulator.

Reference

https://git.kernel.org/stable/c/90d0736876c50ecde1a3275636a06b9ddb1cace9 https://git.kernel.org/stable/c/da4d70199e5d82da664a80077508d6c18f5e76df https://git.kernel.org/stable/c/63b08b1f6834bbb0b4f7783bf63b80c8c8e9a047

Share on: