SB20240531305 - NULL pointer dereference in Linux kernel qlogic qlcnic driver
Published: May 31, 2024 Updated: May 14, 2025
Security Bulletin ID
SB20240531305
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2021-47542)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qlcnic_83xx_add_rings() function in drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_hw.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/3a061d54e260b701b538873b43e399d9b8b83e03
- https://git.kernel.org/stable/c/b4f217d6fcc00c3fdc0921a7691f30be7490b073
- https://git.kernel.org/stable/c/550658a2d61e4eaf522c8ebc7fad76dc376bfb45
- https://git.kernel.org/stable/c/57af54a56024435d83e44c78449513b414eb6edf
- https://git.kernel.org/stable/c/bbeb0325a7460ebf1e03f5e0bfc5c652fba9519f
- https://git.kernel.org/stable/c/15fa12c119f869173f9b710cbe6a4a14071d2105
- https://git.kernel.org/stable/c/c5ef33c1489b2cd74368057fa00b5d2183bb5853
- https://git.kernel.org/stable/c/e2dabc4f7e7b60299c20a36d6a7b24ed9bf8e572
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.257
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.220
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.294
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.292
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.84
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.7
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.164