{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-47486", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-22T06:20:56.201Z", "datePublished": "2024-05-22T08:19:36.818Z", "dateUpdated": "2024-08-20T20:47:36.231Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:08:48.449Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv, bpf: Fix potential NULL dereference\n\nThe bpf_jit_binary_free() function requires a non-NULL argument. When\nthe RISC-V BPF JIT fails to converge in NR_JIT_ITERATIONS steps,\njit_data->header will be NULL, which triggers a NULL\ndereference. Avoid this by checking the argument, prior calling the\nfunction."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/riscv/net/bpf_jit_core.c"], "versions": [{"version": "ca6cb5447cec", "lessThan": "cac6b043cea3", "status": "affected", "versionType": "git"}, {"version": "ca6cb5447cec", "lessThan": "e1b80a5ebe54", "status": "affected", "versionType": "git"}, {"version": "ca6cb5447cec", "lessThan": "27de809a3d83", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["arch/riscv/net/bpf_jit_core.c"], "versions": [{"version": "5.7", "status": "affected"}, {"version": "0", "lessThan": "5.7", "status": "unaffected", "versionType": "custom"}, {"version": "5.10.77", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.14.16", "lessThanOrEqual": "5.14.*", "status": "unaffected", "versionType": "custom"}, {"version": "5.15", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/cac6b043cea3e120f4fccec16f7381747cbfdc0d"}, {"url": "https://git.kernel.org/stable/c/e1b80a5ebe5431caeb20f88c32d4a024777a2d41"}, {"url": "https://git.kernel.org/stable/c/27de809a3d83a6199664479ebb19712533d6fd9b"}], "title": "riscv, bpf: Fix potential NULL dereference", "x_generator": {"engine": "bippy-a5840b7849dd"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-476", "lang": "en", "description": "CWE-476 NULL Pointer Dereference"}]}], "affected": [{"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "ca6cb5447cec", "status": "affected", "lessThan": "cac6b043cea3", "versionType": "custom"}]}, {"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "5.7", "status": "affected"}]}, {"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "5.10.77", "status": "unaffected", "lessThanOrEqual": "5.11", "versionType": "custom"}]}, {"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "5.14.16", "status": "unaffected", "lessThanOrEqual": "5.15", "versionType": "custom"}]}, {"vendor": "linux", "product": "linux_kernel", "cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "5.15", "status": "unaffected", "lessThanOrEqual": "*", "versionType": "custom"}, {"version": "ca6cb5447cec", "status": "affected", "lessThan": "e1b80a5ebe54", "versionType": "custom"}, {"version": "ca6cb5447cec", "status": "affected", "lessThanOrEqual": "27de809a3d83", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-05-22T14:16:03.996625Z", "id": "CVE-2021-47486", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-20T20:47:36.231Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:39:59.593Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/cac6b043cea3e120f4fccec16f7381747cbfdc0d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e1b80a5ebe5431caeb20f88c32d4a024777a2d41", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/27de809a3d83a6199664479ebb19712533d6fd9b", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/cac6b043cea3e120f4fccec16f7381747cbfdc0d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e1b80a5ebe5431caeb20f88c32d4a024777a2d41", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/27de809a3d83a6199664479ebb19712533d6fd9b", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:39:59.593Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2021-47486", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-22T14:16:03.996625Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "affected", "version": "ca6cb5447cec", "lessThan": "cac6b043cea3", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "affected", "version": "5.7"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "unaffected", "version": "5.10.77", "versionType": "custom", "lessThanOrEqual": "5.11"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "unaffected", "version": "\t5.14.16", "versionType": "custom", "lessThanOrEqual": "5.15"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"], "vendor": "linux", "product": "linux_kernel", "versions": [{"status": "unaffected", "version": "5.15", "versionType": "custom", "lessThanOrEqual": "*"}, {"status": "affected", "version": "ca6cb5447cec", "lessThan": "e1b80a5ebe54", "versionType": "custom"}, {"status": "affected", "version": "ca6cb5447cec", "versionType": "custom", "lessThanOrEqual": "27de809a3d83"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-22T14:14:44.529Z"}}], "cna": {"title": "riscv, bpf: Fix potential NULL dereference", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "ca6cb5447cec", "lessThan": "cac6b043cea3", "versionType": "git"}, {"status": "affected", "version": "ca6cb5447cec", "lessThan": "e1b80a5ebe54", "versionType": "git"}, {"status": "affected", "version": "ca6cb5447cec", "lessThan": "27de809a3d83", "versionType": "git"}], "programFiles": ["arch/riscv/net/bpf_jit_core.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.7"}, {"status": "unaffected", "version": "0", "lessThan": "5.7", "versionType": "custom"}, {"status": "unaffected", "version": "5.10.77", "versionType": "custom", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.14.16", "versionType": "custom", "lessThanOrEqual": "5.14.*"}, {"status": "unaffected", "version": "5.15", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["arch/riscv/net/bpf_jit_core.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/cac6b043cea3e120f4fccec16f7381747cbfdc0d"}, {"url": "https://git.kernel.org/stable/c/e1b80a5ebe5431caeb20f88c32d4a024777a2d41"}, {"url": "https://git.kernel.org/stable/c/27de809a3d83a6199664479ebb19712533d6fd9b"}], "x_generator": {"engine": "bippy-a5840b7849dd"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv, bpf: Fix potential NULL dereference\n\nThe bpf_jit_binary_free() function requires a non-NULL argument. When\nthe RISC-V BPF JIT fails to converge in NR_JIT_ITERATIONS steps,\njit_data->header will be NULL, which triggers a NULL\ndereference. Avoid this by checking the argument, prior calling the\nfunction."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:08:48.449Z"}}}, "cveMetadata": {"cveId": "CVE-2021-47486", "state": "PUBLISHED", "dateUpdated": "2024-08-20T20:47:36.231Z", "dateReserved": "2024-05-22T06:20:56.201Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-22T08:19:36.818Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv, bpf: Fix potential NULL dereference\n\nThe bpf_jit_binary_free() function requires a non-NULL argument. When\nthe RISC-V BPF JIT fails to converge in NR_JIT_ITERATIONS steps,\njit_data->header will be NULL, which triggers a NULL\ndereference. Avoid this by checking the argument, prior calling the\nfunction."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: riscv, bpf: corrige una posible desreferencia NULL La funci\u00f3n bpf_jit_binary_free() requiere un argumento que no sea NULL. Cuando el JIT BPF de RISC-V no logra converger en los pasos NR_JIT_ITERATION, jit_data->header ser\u00e1 NULL, lo que desencadena una desreferencia NULL. Evite esto verificando el argumento antes de llamar a la funci\u00f3n."}], "id": "CVE-2021-47486", "lastModified": "2024-07-03T01:38:02.550", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-05-22T09:15:10.573", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/27de809a3d83a6199664479ebb19712533d6fd9b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/cac6b043cea3e120f4fccec16f7381747cbfdc0d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/e1b80a5ebe5431caeb20f88c32d4a024777a2d41"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "kernel: riscv, bpf: Fix potential NULL dereference", "id": "2282936", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282936"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nriscv, bpf: Fix potential NULL dereference\nThe bpf_jit_binary_free() function requires a non-NULL argument. When\nthe RISC-V BPF JIT fails to converge in NR_JIT_ITERATIONS steps,\njit_data->header will be NULL, which triggers a NULL\ndereference. Avoid this by checking the argument, prior calling the\nfunction."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2021-47486", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-47486\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-47486\nhttps://lore.kernel.org/linux-cve-announce/2024052239-CVE-2021-47486-6a5a@gregkh/T"], "statement": "Red Hat Enterprise Linux is not vulnerable to this CVE, as it does not affect the versions or configurations of the Linux kernel used in its distributions.", "threat_severity": "Moderate", "upstream_fix": "kernel 5.10.77, kernel 5.14.16, kernel 5.15"}