5.5
CVE-2021-47223
- EPSS 0.01%
- Veröffentlicht 21.05.2024 15:15:11
- Zuletzt bearbeitet 03.02.2025 16:11:14
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
LoginIn the Linux kernel, the following vulnerability has been resolved: net: bridge: fix vlan tunnel dst null pointer dereference This patch fixes a tunnel_dst null pointer dereference due to lockless access in the tunnel egress path. When deleting a vlan tunnel the tunnel_dst pointer is set to NULL without waiting a grace period (i.e. while it's still usable) and packets egressing are dereferencing it without checking. Use READ/WRITE_ONCE to annotate the lockless use of tunnel_id, use RCU for accessing tunnel_dst and make sure it is read only once and checked in the egress path. The dst is already properly RCU protected so we don't need to do anything fancy than to make sure tunnel_id and tunnel_dst are read only once and checked in the egress path.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 4.11 < 4.14.238
Linux ≫ Linux Kernel Version >= 4.15 < 4.19.196
Linux ≫ Linux Kernel Version >= 4.20 < 5.4.128
Linux ≫ Linux Kernel Version >= 5.5 < 5.10.46
Linux ≫ Linux Kernel Version >= 5.11 < 5.12.13
Linux ≫ Linux Kernel Version5.13 Updaterc1
Linux ≫ Linux Kernel Version5.13 Updaterc2
Linux ≫ Linux Kernel Version5.13 Updaterc3
Linux ≫ Linux Kernel Version5.13 Updaterc4
Linux ≫ Linux Kernel Version5.13 Updaterc5
Linux ≫ Linux Kernel Version5.13 Updaterc6
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.01% | 0.006 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-476 NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.