Description

In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Do not call scsi_remove_host() in pm8001_alloc() Calling scsi_remove_host() before scsi_add_host() results in a crash: BUG: kernel NULL pointer dereference, address: 0000000000000108 RIP: 0010:device_del+0x63/0x440 Call Trace: device_unregister+0x17/0x60 scsi_remove_host+0xee/0x2a0 pm8001_pci_probe+0x6ef/0x1b90 [pm80xx] local_pci_probe+0x3f/0x90 We cannot call scsi_remove_host() in pm8001_alloc() because scsi_add_host() has not been called yet at that point in time. Function call tree: pm8001_pci_probe() | `- pm8001_pci_alloc() | | | `- pm8001_alloc() | | | `- scsi_remove_host() | `- scsi_add_host()

INFO

Published Date :

2024-05-24T15:01:50.358Z

Last Modified :

2025-05-04T07:12:25.934Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2021-47503 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2021-47503.

URL Resource
https://git.kernel.org/stable/c/1e434d2687e8bc0b3cdc9dd093c0e9047c0b4add cve-icon cve-icon
https://git.kernel.org/stable/c/653926205741add87a6cf452e21950eebc6ac10b cve-icon cve-icon
https://git.kernel.org/stable/c/f8dccc1bdea7e21b5ec06c957aef8831c772661c cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2021-47503 cve-icon
https://www.cve.org/CVERecord?id=CVE-2021-47503 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact