CVE-2021-47503

MEDIUM Year: 2021
CVSS v3 Score
6.2
Medium
Weakness Type
CWE-476
View all →

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Do not call scsi_remove_host() in pm8001_alloc() Calling scsi_remove_host() before scsi_add_host() results in a crash: BUG: kernel NULL pointer dereference, address: 0000000000000108 RIP: 0010:device_del+0x63/0x440 Call Trace: device_unregister+0x17/0x60 scsi_remove_host+0xee/0x2a0 pm8001_pci_probe+0x6ef/0x1b90 [pm80xx] local_pci_probe+0x3f/0x90 We cannot call scsi_remove_host() in pm8001_alloc() because scsi_add_host() has not been called yet at that point in time. Function call tree: pm8001_pci_probe() | `- pm8001_pci_alloc() | | | `- pm8001_alloc() | | | `- scsi_remove_host() | `- scsi_add_host()

Related Vulnerabilities

CVE-2016-7609

MEDIUM
CVSS:6.2(Medium)

An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "AppleGraphicsPowerManagement" component. It allows local users to cause a denial of service...

CWE-4762016

CVE-2017-6899

MEDIUM
CVSS:6.2(Medium)

The msm_bus_dbg_update_request_write function in drivers/platform/msm/msm_bus/msm_bus_dbg.c in android_kernel_huawei_msm8916 through 2017-06-16 in LineageOS, and possibly other kernels for MSM devices...

CWE-4762017

CVE-2020-29571

MEDIUM
CVSS:6.2(Medium)

An issue was discovered in Xen through 4.14.x. A bounds check common to most operation time functions specific to FIFO event channels depends on the CPU observing consistent state. While the producer ...

CWE-4762020

CVE-2022-0696

MEDIUM
CVSS:6.2(Medium)

NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428.

CWE-4762022

CVE-2022-43588

MEDIUM
CVSS:6.2(Medium)

A null pointer dereference vulnerability exists in the handle_ioctl_83150 functionality of Callback technologies CBFS Filter 20.0.8317. A specially crafted I/O request packet (IRP) can lead to denial ...

CWE-4762022