CVE-2021-47164 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5e: Fix null deref accessing lag dev

It could be the lag dev is null so stop processing the event.
In bond_enslave() the active/backup slave being set before setting the
upper dev so first event is without an upper dev.
After setting the upper dev with bond_master_upper_dev_link() there is
a second event and in that event we have an upper dev.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00018.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/2e4b0b95a489259f9d35a3db17023061f8f3d587
https://git.kernel.org/stable/c/83026d83186bc48bb41ee4872f339b83f31dfc55
https://git.kernel.org/stable/c/bdfd3593a8248eea6ecfcbf7b47b56b86515672d
https://lore.kernel.org/linux-cve-announce/2024032535-CVE-2021-47164-0581@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2021-47164
https://www.cve.org/CVERecord?id=CVE-2021-47164

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-03-25T09:16:17.592Z

Updated: 2025-05-04T07:05:23.324Z

Reserved: 2024-03-25T09:12:14.109Z

Link: CVE-2021-47164

Vulnrichment

Updated: 2024-05-23T19:01:19.880Z

NVD

Status : Modified

Published: 2024-03-25T10:15:08.577

Modified: 2024-11-21T06:35:31.987

Link: CVE-2021-47164

Redhat

Severity : Moderate

Publid Date: 2024-03-25T00:00:00Z

Links: CVE-2021-47164 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-476

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-47164", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-03-25T09:12:14.109Z", "datePublished": "2024-03-25T09:16:17.592Z", "dateUpdated": "2025-05-04T07:05:23.324Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T07:05:23.324Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix null deref accessing lag dev\n\nIt could be the lag dev is null so stop processing the event.\nIn bond_enslave() the active/backup slave being set before setting the\nupper dev so first event is without an upper dev.\nAfter setting the upper dev with bond_master_upper_dev_link() there is\na second event and in that event we have an upper dev."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/mellanox/mlx5/core/en/rep/bond.c"], "versions": [{"version": "7e51891a237f9ea319f53f9beb83afb0077d88e6", "lessThan": "2e4b0b95a489259f9d35a3db17023061f8f3d587", "status": "affected", "versionType": "git"}, {"version": "7e51891a237f9ea319f53f9beb83afb0077d88e6", "lessThan": "bdfd3593a8248eea6ecfcbf7b47b56b86515672d", "status": "affected", "versionType": "git"}, {"version": "7e51891a237f9ea319f53f9beb83afb0077d88e6", "lessThan": "83026d83186bc48bb41ee4872f339b83f31dfc55", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/mellanox/mlx5/core/en/rep/bond.c"], "versions": [{"version": "5.8", "status": "affected"}, {"version": "0", "lessThan": "5.8", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.42", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.12.9", "lessThanOrEqual": "5.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.13", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.8", "versionEndExcluding": "5.10.42"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.8", "versionEndExcluding": "5.12.9"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.8", "versionEndExcluding": "5.13"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/2e4b0b95a489259f9d35a3db17023061f8f3d587"}, {"url": "https://git.kernel.org/stable/c/bdfd3593a8248eea6ecfcbf7b47b56b86515672d"}, {"url": "https://git.kernel.org/stable/c/83026d83186bc48bb41ee4872f339b83f31dfc55"}], "title": "net/mlx5e: Fix null deref accessing lag dev", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47164", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-28T18:24:43.257372Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:14:45.571Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:24:40.229Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/2e4b0b95a489259f9d35a3db17023061f8f3d587", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/bdfd3593a8248eea6ecfcbf7b47b56b86515672d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/83026d83186bc48bb41ee4872f339b83f31dfc55", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-47164", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-03-25T09:12:14.109Z", "datePublished": "2024-03-25T09:16:17.592Z", "dateUpdated": "2024-06-04T17:14:45.571Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:03:09.305Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix null deref accessing lag dev\n\nIt could be the lag dev is null so stop processing the event.\nIn bond_enslave() the active/backup slave being set before setting the\nupper dev so first event is without an upper dev.\nAfter setting the upper dev with bond_master_upper_dev_link() there is\na second event and in that event we have an upper dev."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/mellanox/mlx5/core/en/rep/bond.c"], "versions": [{"version": "7e51891a237f", "lessThan": "2e4b0b95a489", "status": "affected", "versionType": "git"}, {"version": "7e51891a237f", "lessThan": "bdfd3593a824", "status": "affected", "versionType": "git"}, {"version": "7e51891a237f", "lessThan": "83026d83186b", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/mellanox/mlx5/core/en/rep/bond.c"], "versions": [{"version": "5.8", "status": "affected"}, {"version": "0", "lessThan": "5.8", "status": "unaffected", "versionType": "custom"}, {"version": "5.10.42", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.12.9", "lessThanOrEqual": "5.12.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.13", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/2e4b0b95a489259f9d35a3db17023061f8f3d587"}, {"url": "https://git.kernel.org/stable/c/bdfd3593a8248eea6ecfcbf7b47b56b86515672d"}, {"url": "https://git.kernel.org/stable/c/83026d83186bc48bb41ee4872f339b83f31dfc55"}], "title": "net/mlx5e: Fix null deref accessing lag dev", "x_generator": {"engine": "bippy-a5840b7849dd"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47164", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-28T18:24:43.257372Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:19.880Z"}, "title": "CISA ADP Vulnrichment"}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "AEC61F06-F018-4A5F-84C4-4A6BE3E894E3", "versionEndExcluding": "5.10.42", "versionStartIncluding": "5.8", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C8A1D02-81A7-44E5-ACFD-CC6A6694F930", "versionEndExcluding": "5.12.9", "versionStartIncluding": "5.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix null deref accessing lag dev\n\nIt could be the lag dev is null so stop processing the event.\nIn bond_enslave() the active/backup slave being set before setting the\nupper dev so first event is without an upper dev.\nAfter setting the upper dev with bond_master_upper_dev_link() there is\na second event and in that event we have an upper dev."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: net/mlx5e: corrigi\u00f3 el deref nulo al acceder a lag dev. Podr\u00eda ser que el lag dev sea nulo, as\u00ed que deje de procesar el evento. En bond_enslave(), el esclavo activo/de respaldo se configura antes de configurar el desarrollo superior, por lo que el primer evento es sin un desarrollo superior. Despu\u00e9s de configurar el desarrollo superior con bond_master_upper_dev_link() hay un segundo evento y en ese evento tenemos un desarrollo superior."}], "id": "CVE-2021-47164", "lastModified": "2024-11-21T06:35:31.987", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-03-25T10:15:08.577", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2e4b0b95a489259f9d35a3db17023061f8f3d587"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/83026d83186bc48bb41ee4872f339b83f31dfc55"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/bdfd3593a8248eea6ecfcbf7b47b56b86515672d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2e4b0b95a489259f9d35a3db17023061f8f3d587"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/83026d83186bc48bb41ee4872f339b83f31dfc55"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/bdfd3593a8248eea6ecfcbf7b47b56b86515672d"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: net/mlx5e: Fix null deref accessing lag dev", "id": "2271451", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271451"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnet/mlx5e: Fix null deref accessing lag dev\nIt could be the lag dev is null so stop processing the event.\nIn bond_enslave() the active/backup slave being set before setting the\nupper dev so first event is without an upper dev.\nAfter setting the upper dev with bond_master_upper_dev_link() there is\na second event and in that event we have an upper dev.", "A vulnerability was found in the net/mlx5e driver in the Linux kernel where a NULL pointer dereference was caused when accessing a lag device. This issue occurred because the driver processed an event without confirming the existence of an upper device, which led to potential crashes."], "mitigation": {"lang": "en:us", "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible."}, "name": "CVE-2021-47164", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-03-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-47164\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-47164\nhttps://lore.kernel.org/linux-cve-announce/2024032535-CVE-2021-47164-0581@gregkh/T"], "threat_severity": "Moderate"}