PT-2024-11409 · Linux+2 · Linux Kernel+2

Heiko Thiery

Published

2021-09-21

Updated

2024-12-30

CVE-2021-47413

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.14.0

Description A NULL pointer dereference issue has been identified in the Linux kernel when passing 'phys' in the devicetree to describe the USB PHY phandle. This issue occurs because the charger functions check for the phy presence inside the imx usbmisc data structure (data->usb phy), but the chipidea core populates the usb phy passed via 'phys' inside 'struct ci hdrc' (ci->usb phy) instead. The issue causes a NULL pointer dereference inside the imx7d charger detection() function.

Recommendations To resolve this issue, update the Linux kernel to a version that includes the fix for this vulnerability. Specifically, the fix involves also searching for 'phys' in case 'fsl,usbphy' is not found. As a temporary workaround, consider disabling the imx7d charger detection() function until a patch is available.

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

BDU:2025-03655

CVE-2021-47413

OPENSUSE-SU-2024_2185-1

OPENSUSE-SU-2024_2189-1

SUSE-SU-2024:2008-1

SUSE-SU-2024:2010-1

SUSE-SU-2024:2011-1

SUSE-SU-2024:2019-1

SUSE-SU-2024:2185-1

SUSE-SU-2024:2189-1

SUSE-SU-2024:2190-1

Affected Products

Astra Linux

Linux Kernel

Suse

PT-2024-11409 · Linux+2 · Linux Kernel+2

CVE-2021-47413

Weakness Enumeration

Related Identifiers

Affected Products

References · 1431