mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-28 18:48:49 +00:00
1.0 KiB
1.0 KiB
CVE-2021-47560
Description
In the Linux kernel, the following vulnerability has been resolved:mlxsw: spectrum: Protect driver from buggy firmwareWhen processing port up/down events generated by the device's firmware,the driver protects itself from events reported for non-existent localports, but not the CPU port (local port 0), which exists, but lacks anetdev.This can result in a NULL pointer dereference when callingnetif_carrier_{on,off}().Fix this by bailing early when processing an event reported for the CPUport. Problem was only observed when running on top of a buggy emulator.
POC
Reference
No PoCs from references.