Vulnerability Details : CVE-2021-47289
In the Linux kernel, the following vulnerability has been resolved:
ACPI: fix NULL pointer dereference
Commit 71f642833284 ("ACPI: utils: Fix reference counting in
for_each_acpi_dev_match()") started doing "acpi_dev_put()" on a pointer
that was possibly NULL. That fails miserably, because that helper
inline function is not set up to handle that case.
Just make acpi_dev_put() silently accept a NULL pointer, rather than
calling down to put_device() with an invalid offset off that NULL
pointer.
Vulnerability category: Memory Corruption
Products affected by CVE-2021-47289
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:5.14:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:5.14:rc2:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-47289
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 5 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-47289
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
1.8
|
3.6
|
NIST | 2024-12-23 |
CWE ids for CVE-2021-47289
-
The product dereferences a pointer that it expects to be valid but is NULL.Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-47289
-
https://git.kernel.org/stable/c/38f54217b423c0101d03a00feec6fb8ec608b12e
ACPI: fix NULL pointer dereference - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://git.kernel.org/stable/c/fc68f42aa737dc15e7665a4101d4168aadb8e4c4
ACPI: fix NULL pointer dereference - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://git.kernel.org/stable/c/ccf23a0888077a25a0793a746c3941db2a7562e4
ACPI: fix NULL pointer dereference - kernel/git/stable/linux.git - Linux kernel stable treePatch
-
https://git.kernel.org/stable/c/cae3fa3d8165761f3000f523b11cfa1cd35206bc
ACPI: fix NULL pointer dereference - kernel/git/stable/linux.git - Linux kernel stable treePatch
Jump to