diff options
Diffstat (limited to 'cve/published/2021/CVE-2021-47164.mbox')
-rw-r--r-- | cve/published/2021/CVE-2021-47164.mbox | 70 |
1 files changed, 70 insertions, 0 deletions
diff --git a/cve/published/2021/CVE-2021-47164.mbox b/cve/published/2021/CVE-2021-47164.mbox new file mode 100644 index 00000000..5f72a0ab --- /dev/null +++ b/cve/published/2021/CVE-2021-47164.mbox @@ -0,0 +1,70 @@ +From bippy-b4257b672505 Mon Sep 17 00:00:00 2001 +From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> +To: <linux-cve-announce@vger.kernel.org> +Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org> +Subject: CVE-2021-47164: net/mlx5e: Fix null deref accessing lag dev +Message-Id: <2024032535-CVE-2021-47164-0581@gregkh> +Content-Length: 2096 +Lines: 53 +X-Developer-Signature: v=1; a=openpgp-sha256; l=2150; + i=gregkh@linuxfoundation.org; h=from:subject:message-id; + bh=+UUy18T2j6zLqwjWEIPzEBa6oRLVe1xkED0wCB1/f04=; + b=owGbwMvMwCRo6H6F97bub03G02pJDGmMDp+nrSvSEb8YK772bX1Lp4RDaISxyoT9nAI7Z8Vsm + PvXVT2kI5aFQZCJQVZMkeXLNp6j+ysOKXoZ2p6GmcPKBDKEgYtTACZyIpBhvrd64gPDNTNsRNll + Nv8M+ml39ugFN4b5OdwyS9M3+DRn8i37eU/2Stg1n++PAA== +X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp; + fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29 + +Description +=========== + +In the Linux kernel, the following vulnerability has been resolved: + +net/mlx5e: Fix null deref accessing lag dev + +It could be the lag dev is null so stop processing the event. +In bond_enslave() the active/backup slave being set before setting the +upper dev so first event is without an upper dev. +After setting the upper dev with bond_master_upper_dev_link() there is +a second event and in that event we have an upper dev. + +The Linux kernel CVE team has assigned CVE-2021-47164 to this issue. + + +Affected and fixed versions +=========================== + + Issue introduced in 5.8 with commit 7e51891a237f and fixed in 5.10.42 with commit 2e4b0b95a489 + Issue introduced in 5.8 with commit 7e51891a237f and fixed in 5.12.9 with commit bdfd3593a824 + Issue introduced in 5.8 with commit 7e51891a237f and fixed in 5.13 with commit 83026d83186b + +Please see https://www.kernel.org for a full list of currently supported +kernel versions by the kernel community. + +Unaffected versions might change over time as fixes are backported to +older supported kernel versions. The official CVE entry at + https://cve.org/CVERecord/?id=CVE-2021-47164 +will be updated if fixes are backported, please check that for the most +up to date information about this issue. + + +Affected files +============== + +The file(s) affected by this issue are: + drivers/net/ethernet/mellanox/mlx5/core/en/rep/bond.c + + +Mitigation +========== + +The Linux kernel CVE team recommends that you update to the latest +stable kernel version for this, and many other bugfixes. Individual +changes are never tested alone, but rather are part of a larger kernel +release. Cherry-picking individual commits is not recommended or +supported by the Linux kernel community at all. If however, updating to +the latest release is impossible, the individual changes to resolve this +issue can be found at these commits: + https://git.kernel.org/stable/c/2e4b0b95a489259f9d35a3db17023061f8f3d587 + https://git.kernel.org/stable/c/bdfd3593a8248eea6ecfcbf7b47b56b86515672d + https://git.kernel.org/stable/c/83026d83186bc48bb41ee4872f339b83f31dfc55 |