PT-2024-11366 · Linux+2 · Linux Kernel+2

Stefan Raspl · Published 2021-09-21 · Updated 2024-07-03 · CVE-2021-47369

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The issue arises when qeth_set_online() calls qeth_clear_working_pool_list() to roll back after an error exit from qeth_hardsetup_card(), potentially accessing card->qdio.in_q before it was allocated by qeth_alloc_qdio_queues() via qeth_mpc_initialize(). This can lead to a NULL dereference, causing the system to scribble over the CPU's lowcore, resulting in a crash when those lowcore areas are used next. The scenario typically occurs when the device is first set online and its queues aren't allocated yet, and an early IO error or certain misconfigurations cause an error exit from qeth_hardsetup_card() with card->qdio.in_q still being NULL.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
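
The failure path from the description, as a user-space C model added here for illustration; it is not the qeth driver's code, and every `model_*` name, `POOL_BUFS` and the dummy pool entries are assumptions. The NULL check in the rollback helper is one way to keep the rollback safe when the queues were never allocated, not a fix taken from this page.

```c
#include <stddef.h>
#include <stdlib.h>
#define POOL_BUFS 8 /* constructed size for the model */
struct model_buf   { void *pool_entry; };
struct model_queue { struct model_buf bufs[POOL_BUFS]; };
struct model_card  { struct model_queue *in_q; }; /* stands in for card->qdio.in_q */
/* Setup step: an early I/O error exits before the queues are allocated. */
static int model_hardsetup(struct model_card *card, int early_io_error)
{
    if (early_io_error)
        return -1; /* in_q is still NULL on this exit */
    card->in_q = calloc(1, sizeof(*card->in_q));
    if (!card->in_q)
        return -1;
    for (size_t i = 0; i < POOL_BUFS; i++)
        card->in_q->bufs[i].pool_entry = &card->in_q->bufs[i]; /* dummy entry */
    return 0;
}

/* Rollback helper; returns how many entries it cleared. Without the NULL
 * check the loop below would write through a NULL queue pointer. */
static int model_clear_working_pool_list(struct model_card *card)
{
    struct model_queue *queue = card->in_q;
    int cleared = 0;
    if (!queue) /* queues never allocated: nothing to roll back */
        return 0;
    for (size_t i = 0; i < POOL_BUFS; i++) {
        cleared += queue->bufs[i].pool_entry != NULL;
        queue->bufs[i].pool_entry = NULL;
    }
    return cleared;
}

/* Online path: roll back only when setup failed; reports entries cleared. */
static int model_set_online(struct model_card *card, int early_io_error, int *rolled_back)
{
    int rc = model_hardsetup(card, early_io_error);
    if (rc)
        *rolled_back = model_clear_working_pool_list(card);
    return rc;
}

int main(void)
{
    struct model_card card = { NULL };
    int rolled_back = -1;
    return (model_set_online(&card, 1, &rolled_back) == -1 && rolled_back == 0) ? 0 : 1;
}
```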

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

BDU:2025-07519
CVE-2021-47369
OPENSUSE-SU-2024_2185-1
OPENSUSE-SU-2024_2189-1
SUSE-SU-2024:1979-1
SUSE-SU-2024:1983-1
SUSE-SU-2024:2008-1
SUSE-SU-2024:2010-1
SUSE-SU-2024:2011-1
SUSE-SU-2024:2019-1
SUSE-SU-2024:2183-1
SUSE-SU-2024:2184-1
SUSE-SU-2024:2185-1
SUSE-SU-2024:2189-1
SUSE-SU-2024:2190-1

Affected Products

Astra Linux
Linux Kernel
Suse