CVE - CVE-2021-47333

CVE-ID
CVE-2021-47333	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: misc: alcor_pci: fix null-ptr-deref when there is no PCI bridge There is an issue with the ASPM(optional) capability checking function. A device might be attached to root complex directly, in this case, bus->self(bridge) will be NULL, thus priv->parent_pdev is NULL. Since alcor_pci_init_check_aspm(priv->parent_pdev) checks the PCI link's ASPM capability and populate parent_cap_off, which will be used later by alcor_pci_aspm_ctrl() to dynamically turn on/off device, what we can do here is to avoid checking the capability if we are on the root complex. This will make pdev_cap_off 0 and alcor_pci_aspm_ctrl() will simply return when bring called, effectively disable ASPM for the device. [ 1.246492] BUG: kernel NULL pointer dereference, address: 00000000000000c0 [ 1.248731] RIP: 0010:pci_read_config_byte+0x5/0x40 [ 1.253998] Call Trace: [ 1.254131] ? alcor_pci_find_cap_offset.isra.0+0x3a/0x100 [alcor_pci] [ 1.254476] alcor_pci_probe+0x169/0x2d5 [alcor_pci]
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/09d154990ca82d14aed2b72796f6c8845e2e605d URL:https://git.kernel.org/stable/c/09d154990ca82d14aed2b72796f6c8845e2e605d MISC:https://git.kernel.org/stable/c/3ce3e45cc333da707d4d6eb433574b990bcc26f5 URL:https://git.kernel.org/stable/c/3ce3e45cc333da707d4d6eb433574b990bcc26f5 MISC:https://git.kernel.org/stable/c/58f69684ba03e5b0e0a3ae844a845280c0f06309 URL:https://git.kernel.org/stable/c/58f69684ba03e5b0e0a3ae844a845280c0f06309 MISC:https://git.kernel.org/stable/c/717cf5ae52322ddbdf3ac2c584b34c5970b0d174 URL:https://git.kernel.org/stable/c/717cf5ae52322ddbdf3ac2c584b34c5970b0d174 MISC:https://git.kernel.org/stable/c/d2639ffdcad463b358b6bef8645ff81715daffcb URL:https://git.kernel.org/stable/c/d2639ffdcad463b358b6bef8645ff81715daffcb
Assigning CNA
kernel.org
Date Record Created
20240521	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240521)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)