Lucene search

Debian Security Bug TrackerDEBIANCVE:CVE-2021-47560

HistoryMay 24, 2024 - 3:15 p.m.

CVE-2021-47560

2024-05-2415:15:20

Debian Security Bug Tracker

security-tracker.debian.org

linux kernel

vulnerability

resolved

unix

AI Score

6.5

Confidence

High

EPSS

Percentile

15.5%

JSON

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum: Protect driver from buggy firmware When processing port up/down events generated by the device’s firmware, the driver protects itself from events reported for non-existent local ports, but not the CPU port (local port 0), which exists, but lacks a netdev. This can result in a NULL pointer dereference when calling netif_carrier_{on,off}(). Fix this by bailing early when processing an event reported for the CPU port. Problem was only observed when running on top of a buggy emulator.

OSVersionArchitecturePackageVersionFilename
Debian12alllinux< 5.15.15-1linux_5.15.15-1_all.deb
Debian11alllinux< 5.10.84-1linux_5.10.84-1_all.deb
Debian999alllinux< 5.15.15-1linux_5.15.15-1_all.deb
Debian13alllinux< 5.15.15-1linux_5.15.15-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	linux	< 5.15.15-1	linux_5.15.15-1_all.deb
Debian	11	all	linux	< 5.10.84-1	linux_5.10.84-1_all.deb
Debian	999	all	linux	< 5.15.15-1	linux_5.15.15-1_all.deb
Debian	13	all	linux	< 5.15.15-1	linux_5.15.15-1_all.deb