PT-2021-8227 · Linux+3 · Linux Kernel+3

Syzkaller

Published

2021-11-04

Updated

2024-12-02

CVE-2021-47578

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.15.0-syzk #1

Description The vulnerability is related to a null pointer dereference in the scsi debug component of the Linux kernel. When the size argument to kcalloc() is zero, it returns ZERO SIZE PTR, which can cause a null pointer dereference in the memcpy function. This can lead to a denial of service. The vulnerability is exploited by calling kcalloc() with a size argument of zero, which returns ZERO SIZE PTR. The resp verify() and resp report zones() functions are affected.

Recommendations To resolve the issue, update the Linux kernel to a version that includes the fix for the scsi debug component. Specifically, update to a version later than 5.15.0-syzk #1. If an update is not available, consider disabling the scsi debug component or restricting access to the vulnerable resp verify() and resp report zones() functions until a patch is available.

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

BDU:2024-11540

CVE-2021-47578

OPENSUSE-SU-2024_2372-1

OPENSUSE-SU-2024_2394-1

SUSE-SU-2024:2372-1

SUSE-SU-2024:2394-1

SUSE-SU-2024:2902-1

SUSE-SU-2024:2929-1

SUSE-SU-2024:2939-1

Affected Products

Astra Linux

Linux Kernel

Red Os

Suse

PT-2021-8227 · Linux+3 · Linux Kernel+3

CVE-2021-47578

Weakness Enumeration

Related Identifiers

Affected Products

References · 1207