Lucene search

K
ubuntucveUbuntu.comUB:CVE-2021-47439
HistoryMay 22, 2024 - 12:00 a.m.

CVE-2021-47439

2024-05-2200:00:00
ubuntu.com
ubuntu.com
3
linux kernel
vulnerability
dsa microchip
ksz module
null pointer
workqueue
mib interval

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.5%

In the Linux kernel, the following vulnerability has been resolved: net:
dsa: microchip: Added the condition for scheduling ksz_mib_read_work When
the ksz module is installed and removed using rmmod, kernel crashes with
null pointer dereferrence error. During rmmod, ksz_switch_remove function
tries to cancel the mib_read_workqueue using cancel_delayed_work_sync
routine and unregister switch from dsa. During dsa_unregister_switch it
calls ksz_mac_link_down, which in turn reschedules the workqueue since
mib_interval is non-zero. Due to which queue executed after mib_interval
and it tries to access dp->slave. But the slave is unregistered in the
ksz_switch_remove function. Hence kernel crashes. To avoid this crash,
before canceling the workqueue, resetted the mib_interval to 0. v1 -> v2:
-Removed the if condition in ksz_mib_read_work

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.5%