Main Vulnerability Database SB20240620111

SB20240620111 - Null pointer dereference in Linux kernel ethernet sfc driver

Published: June 20, 2024 Updated: May 13, 2025

Security Bulletin ID SB20240620111

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Null pointer dereference (CVE-ID: CVE-2021-46948)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to null pointer dereference error within the efx_farch_handle_tx_event() function in drivers/net/ethernet/sfc/farch.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/stable/c/bf2b941d0a6f2d3b9f5fa3c4c21bdd54f71ce253
https://git.kernel.org/stable/c/35c7a83ad1bb1d48ae249346e61b1132bcbf9052
https://git.kernel.org/stable/c/e531db1ea6f98c9612cb2de093a107c7eadfb96c
https://git.kernel.org/stable/c/83b09a1807415608b387c7bc748d329fefc5617e
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.36
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.20
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.3
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13