CVE-2021-47380

MEDIUM5.5

HID: amd_sfh: Fix potential NULL pointer dereference

Published May 21, 2024

Modified 10 months ago

Details

In the Linux kernel, the following vulnerability has been resolved:

HID: amd_sfh: Fix potential NULL pointer dereference

devm_add_action_or_reset() can suddenly invoke amd_mp2_pci_remove() at registration that will cause NULL pointer dereference since corresponding data is not initialized yet. The patch moves initialization of data before devm_add_action_or_reset().

Found by Linux Driver Verification project (linuxtesting.org).

[jkosina@suse.cz: rebase]

References

WEB

https://git.kernel.org/stable/c/283e4bee701dfcd409dd293f19a268bb2bc8ff38

WEB

https://git.kernel.org/stable/c/d46ef750ed58cbeeba2d9a55c99231c30a172764

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2021-47380

CVSS Analysis

CVSS v3.1

5.5

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

NoneI:N

Availability

HighA:H

5.5/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Ecosystems

Timeline

PublishedMay 21, 2024

ModifiedMay 4, 2025

CVE-2021-47380 | Mondoo Vulnerability Intelligence