CVE-2021-47560

Updated:

Description:

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum: Protect driver from buggy firmware When processing port up/down events generated by the device's firmware, the driver protects itself from events reported for non-existent local ports, but not the CPU port (local port 0), which exists, but lacks a netdev. This can result in a NULL pointer dereference when calling netif_carrier_{on,off}(). Fix this by bailing early when processing an event reported for the CPU port. Problem was only observed when running on top of a buggy emulator.

CVSS3: 5.5


Vendor State

OS Vendor version Errata
RHEL 8 4.18.0-553.22.1.el8_10 RHSA-2024:7000
Oracle Linux 8 4.18.0-553.22.1.el8_10 ELSA-2024-7000
AlmaLinux 8 4.18.0-553.22.1.el8_10 ALSA-2024:7000
Rocky Linux 8 4.18.0-553.22.1.el8_10 RLSA-2024:7000
RHEL8 EUS 8.6 4.18.0-372.126.1.el8_6 RHSA-2024:8161

KernelCare State

OS Original kernel version State
RHEL 8
Ready For Release
Oracle Linux 8
Will Not Fix
AlmaLinux 8
Will Not Fix
Rocky Linux 8
Will Not Fix
RHEL8 EUS 8.6
Ready For Release