PT-2024-11490 · Linux+3 · Linux Kernel+3

Published

2021-11-24

Updated

2024-08-19

CVE-2021-47559

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A NULL pointer dereferencing issue has been identified in the Linux kernel, specifically in the smc vlan by tcpsk() function. This issue arises when netdev lower get next returns NULL, which is then assigned to ndev. The problem occurs when is vlan dev is called with ndev, potentially leading to a NULL pointer dereference. The issue is resolved by removing the manual implementation and using netdev walk all lower dev() to iterate over lower devices.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

BDU:2025-14247

CVE-2021-47559

OESA-2024-1692

OPENSUSE-SU-2024_2189-1

RHSA-2024:6990

RHSA-2024:6991

SUSE-SU-2024:2008-1

SUSE-SU-2024:2011-1

SUSE-SU-2024:2019-1

SUSE-SU-2024:2189-1

SUSE-SU-2024:2190-1

SUSE-SU-2024:2892-1

SUSE-SU-2024:2901-1

SUSE-SU-2024:2940-1

Affected Products

Astra Linux

Linux Kernel

Red Os

Suse

PT-2024-11490 · Linux+3 · Linux Kernel+3

CVE-2021-47559

Weakness Enumeration

Related Identifiers

Affected Products

References · 1623