SB20240531317 - NULL pointer dereference in Linux kernel ethernet microchip driver

Description

This security bulletin contains information about 1 security vulnerability.

1) NULL pointer dereference (CVE-ID: CVE-2021-47440)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the encx24j600_spi_probe() function in drivers/net/ethernet/microchip/encx24j600.c, within the devm_regmap_init_encx24j600() function in drivers/net/ethernet/microchip/encx24j600-regmap.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/66358471fa75a713fd76bc8a4bd74cb14cd50a4f
• https://git.kernel.org/stable/c/f043fac1133a6c5ef960a8422c0f6dd711dee462
• https://git.kernel.org/stable/c/fddc7f678d7fb93caa0d7bc512f968ff1e2bddbc
• https://git.kernel.org/stable/c/5e5494e6fc8a29c927e0478bec4a078a40da8901
• https://git.kernel.org/stable/c/4c2eb80fc90b05559ce6ed1b8dfb2348420b5644
• https://git.kernel.org/stable/c/e19c10d6e07c59c96e90fe053a72683ad8b0397e
• https://git.kernel.org/stable/c/322c0e53496309e634d9db7349678eaad1d25b55
• https://git.kernel.org/stable/c/f03dca0c9e2297c84a018e306f8a9cd534ee4287
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.252
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.213
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.290
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.288
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.75
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.14
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.155