SB2024060110 - NULL pointer dereference in Linux kernel endpoint functions driver
Published: June 1, 2024 Updated: May 14, 2025
Security Bulletin ID
SB2024060110
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2021-47005)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pci_epf_test_bind() function in drivers/pci/endpoint/functions/pci-epf-test.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/bbed83d7060e07a5d309104d25a00f0a24441428
- https://git.kernel.org/stable/c/679ebad058b8168f10e63876d63b0877fd2fe784
- https://git.kernel.org/stable/c/0169d4f0bee44fdfef908c13ed21fcb326c38695
- https://git.kernel.org/stable/c/6613bc2301ba291a1c5a90e1dc24cf3edf223c03
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.38
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.22
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.5
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13