PT-2024-9045 · Linux+3 · Linux Kernel+3
Longpeng
·
Published
2024-05-24
·
Updated
2025-01-15
·
CVE-2021-47554
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions:
Linux kernel (affected versions not specified)
Description:
The issue is related to the vdpa sim component of the Linux kernel, where a NULL pointer dereference can occur, potentially causing a system crash. This happens when an uninitialized iova domain is put, which can occur when an error happens before the iova domain is initialized in vdpasim create(). The system will crash if an uninitialized iova domain is put. To fix this, it is necessary to ensure the iova domain is initialized before it is used. Additionally, a warning may be triggered in drivers/iommu/iova.c if iova cache put() is invoked without a prior iova cache get().
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Use of Uninitialized Resource
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Astra Linux
Linux Kernel
Red Os
Suse