PT-2024-11432 · Linux+2 · Linux Kernel+2

Miquel Raynal · Published 2021-10-06 · Updated 2024-06-25 · CVE-2021-47436

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 5.10.70

Description

A vulnerability in the Linux kernel has been resolved, which was caused by an incorrect inversion of calls to dsps_setup_optional_vbus_irq() and dsps_create_musb_pdev() without updating the error path. This led to a kernel crash due to a NULL pointer dereference on the Beagle Bone Black Wireless when using the USB Ethernet gadget driver. The issue occurred because dsps_create_musb_pdev() allocates and registers a new platform device, which must be unregistered and freed with platform_device_unregister(), but this was missing upon dsps_setup_optional_vbus_irq() error.

Recommendations

To resolve the issue, update the Linux kernel to a version that includes the fix for the error path. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
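
The error path from the description, as a user-space C model added here for illustration; it is not the kernel's code. The names `create_pdev`, `unregister_pdev`, `setup_vbus_irq`, `model_probe` and the fault-injection flag are hypothetical stand-ins for the functions the description names.

```c
#include <stdio.h>
#include <stdlib.h>

/* User-space model (hypothetical names), not kernel code. */
struct pdev { int id; };
static struct pdev *registry;      /* the one registered platform device, if any */
static int vbus_irq_should_fail;   /* constructed fault injection */

/* Like dsps_create_musb_pdev(): allocates AND registers the device. */
static struct pdev *create_pdev(void)
{
    struct pdev *p = calloc(1, sizeof(*p));
    if (p)
        registry = p;
    return p;
}

/* Like platform_device_unregister(): unregisters and frees. */
static void unregister_pdev(struct pdev *p)
{
    if (registry == p)
        registry = NULL;
    free(p);
}

static int setup_vbus_irq(void) { return vbus_irq_should_fail ? -1 : 0; }

/* fixed == 0 models the error path that skips the unwind; fixed == 1 the corrected one. */
int model_probe(int fixed)
{
    struct pdev *musb = create_pdev();
    int ret = musb ? setup_vbus_irq() : -2;
    if (ret && fixed)
        unregister_pdev(musb);   /* undo the registration before failing */
    return ret;
}

int registered_devices(void) { return registry != NULL; }
void reset_model(void) { free(registry); registry = NULL; }

int main(void)
{
    vbus_irq_should_fail = 1;
    int before = model_probe(0), left_before = registered_devices();
    reset_model();
    int after = model_probe(1), left_after = registered_devices();
    printf("unfixed: ret=%d registered=%d\nfixed: ret=%d registered=%d\n",
           before, left_before, after, left_after);
    return 0;
}
```

In the unfixed run the probe reports failure while a device is still registered; in the fixed run the failed probe leaves nothing behind.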

Weakness Enumeration

NULL Pointer Dereference

Related Identifiers

BDU:2025-03658
CVE-2021-47436
OPENSUSE-SU-2024_2185-1
OPENSUSE-SU-2024_2189-1
SUSE-SU-2024:1979-1
SUSE-SU-2024:1983-1
SUSE-SU-2024:2008-1
SUSE-SU-2024:2010-1
SUSE-SU-2024:2011-1
SUSE-SU-2024:2019-1
SUSE-SU-2024:2183-1
SUSE-SU-2024:2184-1
SUSE-SU-2024:2185-1
SUSE-SU-2024:2189-1
SUSE-SU-2024:2190-1

Affected Products

Astra Linux
Linux Kernel
Suse