CVE-2021-47134

MEDIUM

Linux Kernel 5.10-5.10.43 - NULL Pointer Dereference in FDT Parameter Processing

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: efi/fdt: fix panic when no valid fdt found setup_arch() would invoke efi_init()->efi_get_fdt_params(). If no valid fdt found then initial_boot_params will be null. So we should stop further fdt processing here. I encountered this issue on risc-v.

References (3)

Core 3

Scores

CVSS v3 5.5
EPSS 0.0023
EPSS Percentile 14.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-476
Status published
Products (10)
Linux/Linux < 5.10
Linux/Linux 5.10
Linux/Linux 5.10.43 - 5.10.*
Linux/Linux 5.12.10 - 5.12.*
Linux/Linux 5.13
Linux/Linux b91540d52a08b65eb6a2b09132e1bd54fa82754c - 5148066edbdc89c6fe5bc419c31a5c22e5f83bdb
Linux/Linux b91540d52a08b65eb6a2b09132e1bd54fa82754c - 668a84c1bfb2b3fd5a10847825a854d63fac7baa
Linux/Linux b91540d52a08b65eb6a2b09132e1bd54fa82754c - 8a7e8b4e5631a03ea2fee27957857a56612108ca
linux/linux_kernel 5.13 rc1 (4 CPE variants)
linux/linux_kernel 5.10 - 5.10.43
Published Mar 15, 2024
Tracked Since Feb 18, 2026