{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2021-47077","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-02-29T22:33:44.297Z","datePublished":"2024-03-01T21:15:14.030Z","dateUpdated":"2025-05-04T07:03:42.160Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T07:03:42.160Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qedf: Add pointer checks in qedf_update_link_speed()\n\nThe following trace was observed:\n\n [   14.042059] Call Trace:\n [   14.042061]  <IRQ>\n [   14.042068]  qedf_link_update+0x144/0x1f0 [qedf]\n [   14.042117]  qed_link_update+0x5c/0x80 [qed]\n [   14.042135]  qed_mcp_handle_link_change+0x2d2/0x410 [qed]\n [   14.042155]  ? qed_set_ptt+0x70/0x80 [qed]\n [   14.042170]  ? qed_set_ptt+0x70/0x80 [qed]\n [   14.042186]  ? qed_rd+0x13/0x40 [qed]\n [   14.042205]  qed_mcp_handle_events+0x437/0x690 [qed]\n [   14.042221]  ? qed_set_ptt+0x70/0x80 [qed]\n [   14.042239]  qed_int_sp_dpc+0x3a6/0x3e0 [qed]\n [   14.042245]  tasklet_action_common.isra.14+0x5a/0x100\n [   14.042250]  __do_softirq+0xe4/0x2f8\n [   14.042253]  irq_exit+0xf7/0x100\n [   14.042255]  do_IRQ+0x7f/0xd0\n [   14.042257]  common_interrupt+0xf/0xf\n [   14.042259]  </IRQ>\n\nAPI qedf_link_update() is getting called from QED but by that time\nshost_data is not initialised. This results in a NULL pointer dereference\nwhen we try to dereference shost_data while updating supported_speeds.\n\nAdd a NULL pointer check before dereferencing shost_data."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/scsi/qedf/qedf_main.c"],"versions":[{"version":"61d8658b4a435eac729966cc94cdda077a8df5cd","lessThan":"a6362a737572f66051deb7637f3f77ddf7a4402f","status":"affected","versionType":"git"},{"version":"61d8658b4a435eac729966cc94cdda077a8df5cd","lessThan":"11014efcec378bb0050a6cf08eaf375e3693400a","status":"affected","versionType":"git"},{"version":"61d8658b4a435eac729966cc94cdda077a8df5cd","lessThan":"73578af92a0fae6609b955fcc9113e50e413c80f","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/scsi/qedf/qedf_main.c"],"versions":[{"version":"4.11","status":"affected"},{"version":"0","lessThan":"4.11","status":"unaffected","versionType":"semver"},{"version":"5.10.40","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.12.7","lessThanOrEqual":"5.12.*","status":"unaffected","versionType":"semver"},{"version":"5.13","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.11","versionEndExcluding":"5.10.40"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.11","versionEndExcluding":"5.12.7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.11","versionEndExcluding":"5.13"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/a6362a737572f66051deb7637f3f77ddf7a4402f"},{"url":"https://git.kernel.org/stable/c/11014efcec378bb0050a6cf08eaf375e3693400a"},{"url":"https://git.kernel.org/stable/c/73578af92a0fae6609b955fcc9113e50e413c80f"}],"title":"scsi: qedf: Add pointer checks in qedf_update_link_speed()","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T05:24:39.828Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/a6362a737572f66051deb7637f3f77ddf7a4402f","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/11014efcec378bb0050a6cf08eaf375e3693400a","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/73578af92a0fae6609b955fcc9113e50e413c80f","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2021-47077","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-09-10T15:56:57.690041Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-11T17:33:44.268Z"}}]}}