CVE-2021-47486

HIGH

Linux Kernel - NULL Pointer Dereference in BPF JIT Compiler

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: riscv, bpf: Fix potential NULL dereference The bpf_jit_binary_free() function requires a non-NULL argument. When the RISC-V BPF JIT fails to converge in NR_JIT_ITERATIONS steps, jit_data->header will be NULL, which triggers a NULL dereference. Avoid this by checking the argument, prior calling the function.

References (3)

Core 3

Core References

Patch

https://git.kernel.org/stable/c/cac6b043cea3e120f4fccec16f7381747cbfdc0d

Patch

https://git.kernel.org/stable/c/e1b80a5ebe5431caeb20f88c32d4a024777a2d41

Patch

https://git.kernel.org/stable/c/27de809a3d83a6199664479ebb19712533d6fd9b

Scores

CVSS v3 7.5

EPSS 0.0068

EPSS Percentile 47.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-476

Status published

Products (10)

Linux/Linux < 5.7

Linux/Linux 5.10.77 - 5.10.*

Linux/Linux 5.14.16 - 5.14.*

Linux/Linux 5.15

Linux/Linux 5.7

Linux/Linux ca6cb5447ceca6a87d6b62c9e5d41042c34f7ffa - 27de809a3d83a6199664479ebb19712533d6fd9b

Linux/Linux ca6cb5447ceca6a87d6b62c9e5d41042c34f7ffa - cac6b043cea3e120f4fccec16f7381747cbfdc0d

Linux/Linux ca6cb5447ceca6a87d6b62c9e5d41042c34f7ffa - e1b80a5ebe5431caeb20f88c32d4a024777a2d41

linux/linux_kernel 5.15 rc1 (7 CPE variants)

linux/linux_kernel 5.7 - 5.10.77

Published May 22, 2024

Tracked Since Feb 18, 2026