CVE-2021-47486

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The issue is related to a potential NULL dereference in the riscv, bpf components of the Linux kernel. This occurs when the RISC-V BPF JIT fails to converge in NR JIT ITERATIONS steps, resulting in jit data->header being NULL. The bpf jit binary free() function requires a non-NULL argument, and when this condition is not met, it triggers a NULL dereference. This could allow an attacker to cause a denial of service.

Recommendations: To resolve the issue, check the argument prior to calling the bpf jit binary free() function to avoid the NULL dereference. As a temporary workaround, consider adding a check for jit data->header being NULL before calling bpf jit binary free() to prevent the NULL dereference. At the moment, there is no information about a newer version that contains a fix for this vulnerability.