CVE-2021-47439

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability in the Linux kernel has been resolved. The issue occurs when the ksz module is installed and removed using rmmod, causing a kernel crash with a null pointer dereference error. This happens because the ksz switch remove function tries to cancel the mib read workqueue using the cancel delayed work sync routine and unregister the switch from dsa. During dsa unregister switch, it calls ksz mac link down, which reschedules the workqueue since mib interval is non-zero. As a result, the queue is executed after mib interval and tries to access dp->slave, but the slave is unregistered in the ksz switch remove function, leading to a kernel crash. To avoid this crash, the mib interval is reset to 0 before canceling the workqueue.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.