CVE-2021-47289

Description

In the Linux kernel, the following vulnerability has been resolved: ACPI: fix NULL pointer dereference Commit 71f642833284 ("ACPI: utils: Fix reference counting in for_each_acpi_dev_match()") started doing "acpi_dev_put()" on a pointer that was possibly NULL. That fails miserably, because that helper inline function is not set up to handle that case. Just make acpi_dev_put() silently accept a NULL pointer, rather than calling down to put_device() with an invalid offset off that NULL pointer.

Predictions

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

References

• https://errata.rockylinux.org/RLSA-2024:7000
• https://errata.rockylinux.org/RLSA-2024:7001
• https://www.suse.com/security/cve/CVE-2021-47289.html
• https://security-tracker.debian.org/tracker/CVE-2021-47289
• https://access.redhat.com/errata/RHSA-2024:7000
• https://bugzilla.redhat.com/2258012
• https://bugzilla.redhat.com/2258013
• https://bugzilla.redhat.com/2260038
• https://bugzilla.redhat.com/2265799
• https://bugzilla.redhat.com/2265838
• https://bugzilla.redhat.com/2266358
• https://bugzilla.redhat.com/2266750
• https://bugzilla.redhat.com/2267036
• https://bugzilla.redhat.com/2267041
• https://bugzilla.redhat.com/2267795
• https://bugzilla.redhat.com/2267916
• https://bugzilla.redhat.com/2267925
• https://bugzilla.redhat.com/2268295
• https://bugzilla.redhat.com/2270103
• https://bugzilla.redhat.com/2271648
• https://bugzilla.redhat.com/2271796
• https://bugzilla.redhat.com/2272793
• https://bugzilla.redhat.com/2273141
• https://bugzilla.redhat.com/2273148
• https://bugzilla.redhat.com/2273180

💬 Discuss CVE-2021-47289 on VIR Community →

Community-verified mitigations for this CVE will appear above when contributors publish them.