5.5

CVE-2021-47186

tipc: check for null after calling kmemdup

In the Linux kernel, the following vulnerability has been resolved:

tipc: check for null after calling kmemdup

kmemdup can return a null pointer so need to check for it, otherwise
the null key will be dereferenced later in tipc_crypto_key_xmit as
can be seen in the trace [1].


[1] https://syzkaller.appspot.com/bug?id=bca180abb29567b189efdbdb34cbf7ba851c2a58
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.5 < 5.10.82
LinuxLinux Kernel Version >= 5.11 < 5.15.5
LinuxLinux Kernel Version5.16 Updaterc1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.22% 0.125
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/3e6db079751afd527bf3db32314ae938dc571916
Patch
https://git.kernel.org/stable/c/9404c4145542c23019a80ab1bb2ecf73cd057b10
Patch
https://git.kernel.org/stable/c/a7d91625863d4ffed63b993b5e6dc1298b6430c9
Patch