SB20240531297 - NULL pointer dereference in Linux kernel scsi pm8001 driver
Published: May 31, 2024 Updated: May 14, 2025
Security Bulletin ID
SB20240531297
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2021-47503)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pm8001_alloc() function in drivers/scsi/pm8001/pm8001_init.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/1e434d2687e8bc0b3cdc9dd093c0e9047c0b4add
- https://git.kernel.org/stable/c/f8dccc1bdea7e21b5ec06c957aef8831c772661c
- https://git.kernel.org/stable/c/653926205741add87a6cf452e21950eebc6ac10b
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.85
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.8
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16