CVE-2021-47518 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done The done() netlink callback nfc_genl_dump_ses_done() should check if received argument is non-NULL, because its allocation could fail earlier in dumpit() (nfc_genl_dump_ses()).

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

References

Link	Resource
https://git.kernel.org/stable/c/3b861a40325eac9c4c13b6c53874ad90617e944d	Patch
https://git.kernel.org/stable/c/48fcd08fdbe05e35b650a252ec2a2d96057a1c7a	Patch
https://git.kernel.org/stable/c/4cd8371a234d051f9c9557fcbb1f8c523b1c0d10	Patch
https://git.kernel.org/stable/c/69bb79a8f5bb9f436b6f1434ca9742591b7bbe18	Patch
https://git.kernel.org/stable/c/811a7576747760bcaf60502f096d1e6e91d566fa	Patch
https://git.kernel.org/stable/c/83ea620a1be840bf05089a5061fb8323ca42f38c	Patch
https://git.kernel.org/stable/c/87cdb8789c38e44ae5454aafe277997c950d00ed	Patch
https://git.kernel.org/stable/c/fae9705d281091254d4a81fa2da9d22346097dca	Patch

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Linux

Published: 2024-05-24T15:09:31.334Z

Updated: 2024-06-17T17:36:34.295Z

Reserved: 2024-05-24T15:02:54.824Z

Link: CVE-2021-47518

JSON object: View

NVD Information

Status : Analyzed

Published: 2024-05-24T15:15:13.557

Modified: 2024-06-10T18:43:43.857

Link: CVE-2021-47518

JSON object: View

Redhat Information

No data.

CWE

CWE-476

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-47518", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-24T15:02:54.824Z", "datePublished": "2024-05-24T15:09:31.334Z", "dateUpdated": "2024-06-17T17:36:34.295Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:09:21.215Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done\n\nThe done() netlink callback nfc_genl_dump_ses_done() should check if\nreceived argument is non-NULL, because its allocation could fail earlier\nin dumpit() (nfc_genl_dump_ses())."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/nfc/netlink.c"], "versions": [{"version": "ac22ac466a65", "lessThan": "87cdb8789c38", "status": "affected", "versionType": "git"}, {"version": "ac22ac466a65", "lessThan": "69bb79a8f5bb", "status": "affected", "versionType": "git"}, {"version": "ac22ac466a65", "lessThan": "811a75767477", "status": "affected", "versionType": "git"}, {"version": "ac22ac466a65", "lessThan": "3b861a40325e", "status": "affected", "versionType": "git"}, {"version": "ac22ac466a65", "lessThan": "48fcd08fdbe0", "status": "affected", "versionType": "git"}, {"version": "ac22ac466a65", "lessThan": "83ea620a1be8", "status": "affected", "versionType": "git"}, {"version": "ac22ac466a65", "lessThan": "fae9705d2810", "status": "affected", "versionType": "git"}, {"version": "ac22ac466a65", "lessThan": "4cd8371a234d", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/nfc/netlink.c"], "versions": [{"version": "3.12", "status": "affected"}, {"version": "0", "lessThan": "3.12", "status": "unaffected", "versionType": "custom"}, {"version": "4.4.295", "lessThanOrEqual": "4.4.*", "status": "unaffected", "versionType": "custom"}, {"version": "4.9.293", "lessThanOrEqual": "4.9.*", "status": "unaffected", "versionType": "custom"}, {"version": "4.14.258", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "custom"}, {"version": "4.19.221", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.4.165", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.10.85", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.15.8", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.16", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/87cdb8789c38e44ae5454aafe277997c950d00ed"}, {"url": "https://git.kernel.org/stable/c/69bb79a8f5bb9f436b6f1434ca9742591b7bbe18"}, {"url": "https://git.kernel.org/stable/c/811a7576747760bcaf60502f096d1e6e91d566fa"}, {"url": "https://git.kernel.org/stable/c/3b861a40325eac9c4c13b6c53874ad90617e944d"}, {"url": "https://git.kernel.org/stable/c/48fcd08fdbe05e35b650a252ec2a2d96057a1c7a"}, {"url": "https://git.kernel.org/stable/c/83ea620a1be840bf05089a5061fb8323ca42f38c"}, {"url": "https://git.kernel.org/stable/c/fae9705d281091254d4a81fa2da9d22346097dca"}, {"url": "https://git.kernel.org/stable/c/4cd8371a234d051f9c9557fcbb1f8c523b1c0d10"}], "title": "nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done", "x_generator": {"engine": "bippy-a5840b7849dd"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-17T17:36:30.333493Z", "id": "CVE-2021-47518", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-17T17:36:34.295Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C065009-08E2-4077-B054-3FAB37A97562", "versionEndExcluding": "4.4.295", "versionStartIncluding": "3.12", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D107324-F4B9-4146-BACC-391E95D41D67", "versionEndExcluding": "4.9.293", "versionStartIncluding": "4.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "71B2A056-7541-4FF3-859E-C55955DDA2DD", "versionEndExcluding": "4.14.258", "versionStartIncluding": "4.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CECDDE2F-DEEF-4D3A-85FF-6AEBA16D225B", "versionEndExcluding": "4.19.221", "versionStartIncluding": "4.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B1DD3148-41FC-42AC-96A5-F63D774A97A3", "versionEndExcluding": "5.4.165", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D9668578-08F7-4694-A86F-FCE448387A79", "versionEndExcluding": "5.10.85", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6664ACE2-F748-4AE5-B98B-58803B0B2C3E", "versionEndExcluding": "5.15.8", "versionStartIncluding": "5.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done\n\nThe done() netlink callback nfc_genl_dump_ses_done() should check if\nreceived argument is non-NULL, because its allocation could fail earlier\nin dumpit() (nfc_genl_dump_ses())."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: nfc: corrige la posible deref del puntero NULL en nfc_genl_dump_ses_done La devoluci\u00f3n de llamada de netlink done() nfc_genl_dump_ses_done() debe verificar si el argumento recibido no es NULL, porque su asignaci\u00f3n podr\u00eda fallar antes en dumpit() (nfc_genl_dump_ses())."}], "id": "CVE-2021-47518", "lastModified": "2024-06-10T18:43:43.857", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-24T15:15:13.557", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3b861a40325eac9c4c13b6c53874ad90617e944d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/48fcd08fdbe05e35b650a252ec2a2d96057a1c7a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4cd8371a234d051f9c9557fcbb1f8c523b1c0d10"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/69bb79a8f5bb9f436b6f1434ca9742591b7bbe18"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/811a7576747760bcaf60502f096d1e6e91d566fa"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/83ea620a1be840bf05089a5061fb8323ca42f38c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/87cdb8789c38e44ae5454aafe277997c950d00ed"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/fae9705d281091254d4a81fa2da9d22346097dca"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}