In the Linux kernel, the following vulnerability has been resolved:

mlxsw: spectrum: Protect driver from buggy firmware

When processing port up/down events generated by the device’s firmware,
the driver protects itself from events reported for non-existent local
ports, but not the CPU port (local port 0), which exists, but lacks a
netdev. This can result in a NULL pointer dereference when calling
netif_carrier_{on,off}(). Fix this by bailing early when processing an
event reported for the CPU port.

Problem was only observed when running on top of a buggy emulator.

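
A user-space C model of the check described above, added here as an illustration; it is not the mlxsw driver's code. The names `handle_port_event`, `ports`, `MAX_PORTS`, the range check and the table contents are assumptions made for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_PORTS 4   /* constructed table size (assumption) */
#define CPU_PORT  0   /* local port 0, as named in the advisory */

struct netdev { bool carrier; };        /* stand-in for a kernel netdev */
struct port   { struct netdev *dev; };  /* dev stays NULL for the CPU port */

static struct netdev nd1, nd2;
static struct port cpu = { NULL }, p1 = { &nd1 }, p2 = { &nd2 };
/* Constructed table: slot 0 exists but has no netdev, slot 3 does not exist. */
static struct port *ports[MAX_PORTS] = { &cpu, &p1, &p2, NULL };

enum ev_result { EV_APPLIED, EV_REJECTED };

/* Handle a port up/down event; local_port comes from firmware and is untrusted. */
enum ev_result handle_port_event(unsigned int local_port, bool up)
{
    /* The fix: bail early for the CPU port. The range check is part of
     * this model so the table lookup below is always in bounds. */
    if (local_port == CPU_PORT || local_port >= MAX_PORTS)
        return EV_REJECTED;

    struct port *port = ports[local_port];
    if (!port)  /* non-existent local port: the pre-existing protection */
        return EV_REJECTED;

    /* Models netif_carrier_on()/netif_carrier_off(). Without the CPU-port
     * check above, port 0 would reach this line with dev == NULL. */
    port->dev->carrier = up;
    return EV_APPLIED;
}

int main(void)
{
    /* Constructed event stream: CPU port, a valid port, a missing port. */
    unsigned int events[] = { 0, 1, 3 };
    for (size_t i = 0; i < sizeof(events) / sizeof(events[0]); i++)
        printf("port %u: %s\n", events[i],
               handle_port_event(events[i], true) == EV_APPLIED
                   ? "applied" : "rejected");
    return 0;
}
```
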
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-bluefield | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-gcp | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-gkeop | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-ibm | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-iot | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-kvm | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-oracle | < any | UNKNOWN |
git.kernel.org/linus/63b08b1f6834bbb0b4f7783bf63b80c8c8e9a047 (5.16-rc3)
git.kernel.org/stable/c/63b08b1f6834bbb0b4f7783bf63b80c8c8e9a047
git.kernel.org/stable/c/90d0736876c50ecde1a3275636a06b9ddb1cace9
git.kernel.org/stable/c/da4d70199e5d82da664a80077508d6c18f5e76df
launchpad.net/bugs/cve/CVE-2021-47560
nvd.nist.gov/vuln/detail/CVE-2021-47560
security-tracker.debian.org/tracker/CVE-2021-47560
www.cve.org/CVERecord?id=CVE-2021-47560