SB2024070202 - Improper Initialization in Linux kernel hw mlx5 driver
Published: July 2, 2024 Updated: May 13, 2025
Security Bulletin ID
SB2024070202
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper Initialization (CVE-ID: CVE-2021-47261)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the destroy_cq_user(), create_cq_kernel() and resize_kernel() functions in drivers/infiniband/hw/mlx5/cq.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/1ec2dcd680c71d0d36fa25638b327a468babd5c9
- https://git.kernel.org/stable/c/e3ecd9c09fcc10cf6b2bc67e2990c397c40a8c26
- https://git.kernel.org/stable/c/91f7fdc4cc10542ca1045c06aad23365f0d067e0
- https://git.kernel.org/stable/c/3e670c54eda238cb8a1ea93538a79ae89285c1c4
- https://git.kernel.org/stable/c/2ba0aa2feebda680ecfc3c552e867cf4d1b05a3a
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.195
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.44
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.11
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.126