CVE-2021-47164

net/mlx5e: Fix null deref accessing lag dev

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix null deref accessing lag dev It could be the lag dev is null so stop processing the event.
In bond_enslave() the active/backup slave being set before setting the
upper dev so first event is without an upper dev.
After setting the upper dev with bond_master_upper_dev_link() there is
a second event and in that event we have an upper dev.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: net/mlx5e: corrigió el deref nulo al acceder a lag dev. Podría ser que el lag dev sea nulo, así que deje de procesar el evento. En bond_enslave(), el esclavo activo/de respaldo se configura antes de configurar el desarrollo superior, por lo que el primer evento es sin un desarrollo superior. Después de configurar el desarrollo superior con bond_master_upper_dev_link() hay un segundo evento y en ese evento tenemos un desarrollo superior.

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix null deref accessing lag dev It could be the lag dev is null so stop processing the event. In bond_enslave() the active/backup slave being set before setting the upper dev so first event is without an upper dev. After setting the upper dev with bond_master_upper_dev_link() there is a second event and in that event we have an upper dev.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-03-25 CVE Reserved
2024-03-25 CVE Published
2024-12-19 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-476: NULL Pointer Dereference

CAPEC

References (4)

URL	Tag	Source
https://git.kernel.org/stable/c/7e51891a237f9ea319f53f9beb83afb0077d88e6	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/2e4b0b95a489259f9d35a3db17023061f8f3d587	2021-06-03
https://git.kernel.org/stable/c/bdfd3593a8248eea6ecfcbf7b47b56b86515672d	2021-06-03
https://git.kernel.org/stable/c/83026d83186bc48bb41ee4872f339b83f31dfc55	2021-05-19

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.8 < 5.10.42 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.8 < 5.10.42"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.8 < 5.12.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.8 < 5.12.9"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.8 < 5.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.8 < 5.13"		en		Affected