CVE-2021-47141

MEDIUM

Linux Kernel 5.3 - NULL Pointer Dereference in GVE Notification Block Freeing

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: gve: Add NULL pointer checks when freeing irqs. When freeing notification blocks, we index priv->msix_vectors. If we failed to allocate priv->msix_vectors (see abort_with_msix_vectors) this could lead to a NULL pointer dereference if the driver is unloaded.

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/821149ee88c206fa37e79c1868cc270518484876

Patch

https://git.kernel.org/stable/c/da21a35c00ff1a1794d4f166d3b3fa8db4d0f6fb

Patch

https://git.kernel.org/stable/c/5278c75266c5094d3c0958793bf12fc90300e580

Patch

https://git.kernel.org/stable/c/5218e919c8d06279884aa0baf76778a6817d5b93

Scores

CVSS v3 5.5

EPSS 0.0022

EPSS Percentile 13.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-476

Status published

Products (12)

Linux/Linux < 5.3

Linux/Linux 5.10.42 - 5.10.*

Linux/Linux 5.12.9 - 5.12.*

Linux/Linux 5.13

Linux/Linux 5.3

Linux/Linux 5.4.124 - 5.4.*

Linux/Linux 893ce44df56580fb878ca5af9c4a5fd87567da50 - 5218e919c8d06279884aa0baf76778a6817d5b93

Linux/Linux 893ce44df56580fb878ca5af9c4a5fd87567da50 - 5278c75266c5094d3c0958793bf12fc90300e580

Linux/Linux 893ce44df56580fb878ca5af9c4a5fd87567da50 - 821149ee88c206fa37e79c1868cc270518484876

Linux/Linux 893ce44df56580fb878ca5af9c4a5fd87567da50 - da21a35c00ff1a1794d4f166d3b3fa8db4d0f6fb

... and 2 more

Published Mar 25, 2024

Tracked Since Feb 18, 2026