PT-2021-8155 · Linux+3 · Linux Kernel+3

James Smart

Published

2021-10-20

Updated

2026-03-14

CVE-2021-47183

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a NULL pointer dereference in the Linux kernel's lpfc component. This occurs when an FC link down transition happens while PLOGIs are outstanding to fabric well-known addresses, resulting in outstanding ABTS requests. The Link down processing leads to ABTS requests for outstanding ELS requests, and the Abort WQEs are sent before the driver sets the link state to down. In some conditions, the driver may auto-complete the ELSs, and if the link comes up, the Abort completions may reference an invalid structure. The estimated number of potentially affected devices worldwide is not provided. There is no information about real-world incidents where this issue was exploited.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

BDU:2024-09141

CVE-2021-47183

DLA-4327-1

OESA-2024-1526

OESA-2024-1535

OPENSUSE-SU-2024_1489-1

OPENSUSE-SU-2024_1490-1

OPENSUSE-SU-2024_1641-1

OPENSUSE-SU-2024_1659-1

OPENSUSE-SU-2024_1663-1

SUSE-SU-2024:1454-1

SUSE-SU-2024:1465-1

SUSE-SU-2024:1489-1

SUSE-SU-2024:1490-1

SUSE-SU-2024:1641-1

SUSE-SU-2024:1643-1

SUSE-SU-2024:1646-1

SUSE-SU-2024:1647-1

SUSE-SU-2024:1659-1

SUSE-SU-2024:1663-1

SUSE-SU-2024:1870-1

Affected Products

Debian

Linux Kernel

Red Os

Suse

PT-2021-8155 · Linux+3 · Linux Kernel+3

CVE-2021-47183

Weakness Enumeration

Related Identifiers

Affected Products

References · 1179