net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings()
This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven.
This ID is fixed in Linux Kernel version v5.15.7 by commit c5ef33c1489b2cd74368057fa00b5d2183bb5853, it was introduced in version v3.9 by commit 7f9664525f9cb507de9198a395a111371413f230. For more details please see the references link.
WS-2021-0564 - Medium Severity Vulnerability
Vulnerable Library - linuxlinux-4.19.238
The Linux Kernel
Library home page: https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/?wsslib=linux
Found in HEAD commit: 05c0743befb9102e2ecb9fbd0fa8eb43eb8bb5ec
Found in base branch: master
Vulnerable Source Files (2)
/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_hw.c /drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_hw.c
Vulnerability Details
net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.7 by commit c5ef33c1489b2cd74368057fa00b5d2183bb5853, it was introduced in version v3.9 by commit 7f9664525f9cb507de9198a395a111371413f230. For more details please see the references link.
Publish Date: 2021-12-19
URL: WS-2021-0564
CVSS 3 Score Details (5.5)
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: None - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://osv.dev/vulnerability/GSD-2021-1002561
Release Date: 2021-12-19
Fix Resolution: v5.15.7
Step up your Open Source Security Game with Mend here