CVE-2021-47164

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A null dereference vulnerability has been resolved in the Linux kernel, specifically in the net/mlx5e module. The issue occurs when the lag dev is null, and the code attempts to access it, causing a null dereference. This happens in the bond enslave() function, where the active/backup slave is set before setting the upper dev, resulting in the first event being processed without an upper dev. After setting the upper dev with bond master upper dev link(), a second event is triggered, and in this event, an upper dev is present.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.