Lucene search

416baaa9-dc9f-4396-8d5f-8c081fb06d67NVD:CVE-2021-47186

HistoryApr 10, 2024 - 7:15 p.m.

CVE-2021-47186

2024-04-1019:15:47

CWE-690

416baaa9-dc9f-4396-8d5f-8c081fb06d67

web.nvd.nist.gov

tipc

kmemdup

vulnerability

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.4

Confidence

Low

EPSS

Percentile

15.5%

JSON

In the Linux kernel, the following vulnerability has been resolved:

tipc: check for null after calling kmemdup

kmemdup can return a null pointer so need to check for it, otherwise
the null key will be dereferenced later in tipc_crypto_key_xmit as
can be seen in the trace [1].

[1] https://syzkaller.appspot.com/bug?id=bca180abb29567b189efdbdb34cbf7ba851c2a58

References

git.kernel.org/stable/c/3e6db079751afd527bf3db32314ae938dc571916

git.kernel.org/stable/c/9404c4145542c23019a80ab1bb2ecf73cd057b10

git.kernel.org/stable/c/a7d91625863d4ffed63b993b5e6dc1298b6430c9

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.4

Confidence

Low

EPSS

Percentile

15.5%

JSON

Related for NVD:CVE-2021-47186