Linux · Linux Kernel · CVE-2021-47503
Name of the Vulnerable Software and Affected Versions:
Linux kernel (affected versions not specified)
Description:
The issue is related to a NULL pointer dereference in the pm80xx component of the Linux kernel. This can cause a crash when scsi remove host() is called before scsi add host(). The function call tree shows that pm8001 pci probe() calls pm8001 pci alloc(), which in turn calls pm8001 alloc() and then scsi remove host(), before scsi add host() is called. This results in a kernel crash due to a NULL pointer dereference.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.