Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved:

dmaengine: idxd: Fix potential null dereference on pointer status

There are calls to idxd_cmd_exec that pass a null status pointer however a recent commit has added an assignment to *status that can end up with a null pointer dereference. The function expects a null status pointer sometimes as there is a later assignment to *status where status is first null checked. Fix the issue by null checking status before making the assignment.

Addresses-Coverity: ("Explicit null dereferenced")
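The pattern described above, shown as a simplified user-space model in C. This is an added example, not the kernel's idxd code; the struct, function names and status values are hypothetical. It places the unguarded early-exit store beside the guarded form the fix describes.

```c
/* Simplified user-space model of an optional out-parameter; added example,
 * not the kernel's idxd code. All names and values are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define STS_OK     0x00u
#define STS_HW_ERR 0xffu   /* constructed value */

struct dev { int halted; uint32_t hw_status; };

/* Before: the early-exit path stores through status unconditionally,
 * although the later path treats NULL as "caller does not want it". */
int cmd_exec_before(struct dev *d, uint32_t *status)
{
    if (d->halted) {
        *status = STS_HW_ERR;   /* faults when status == NULL */
        return -1;
    }
    if (status)
        *status = d->hw_status;
    return 0;
}

/* After: every store through the optional pointer is guarded. */
int cmd_exec_after(struct dev *d, uint32_t *status)
{
    if (d->halted) {
        if (status)
            *status = STS_HW_ERR;
        return -1;
    }
    if (status)
        *status = d->hw_status;
    return 0;
}

int main(void)
{
    struct dev halted = { .halted = 1, .hw_status = STS_OK };
    uint32_t sts = STS_OK;
    int rc = cmd_exec_after(&halted, NULL);  /* NULL on the early exit */
    printf("after(NULL) = %d\n", rc);
    rc = cmd_exec_after(&halted, &sts);
    printf("after(&sts) = %d, sts = 0x%x\n", rc, (unsigned)sts);
    return 0;
}
```

When auditing for this class of bug, check every store through a pointer that any caller passes as NULL, including error and early-return paths added after the original null check was written.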
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 5.10.17, < 5.10.38 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/2280b4cc29d8cdd2be3d1b2d1ea4f958e2131c97 (Patch)
- https://git.kernel.org/stable/c/28ac8e03c43dfc6a703aa420d18222540b801120 (Patch)
- https://git.kernel.org/stable/c/5756f757c72501ef1a16f5f63f940623044180e9 (Patch)
- https://git.kernel.org/stable/c/7bc402f843e7817a4a808e7b9ab0bcd7ffd55bfa (Patch)
FAQ
What is CVE-2021-47003?
CVE-2021-47003 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix potential null dereference on pointer status There are calls to idxd_cmd_exec that pass a null status pointer...
How severe is CVE-2021-47003?
CVE-2021-47003 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-47003?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.