{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-47045", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-27T18:42:55.970Z", "datePublished": "2024-02-28T08:13:49.708Z", "dateUpdated": "2025-05-04T07:03:00.354Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T07:03:00.354Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix null pointer dereference in lpfc_prep_els_iocb()\n\nIt is possible to call lpfc_issue_els_plogi() passing a did for which no\nmatching ndlp is found. A call is then made to lpfc_prep_els_iocb() with a\nnull pointer to a lpfc_nodelist structure resulting in a null pointer\ndereference.\n\nFix by returning an error status if no valid ndlp is found. Fix up comments\nregarding ndlp reference counting."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/scsi/lpfc/lpfc_els.c"], "versions": [{"version": "4430f7fd09ecb037570119e0aacbf0c17b8f98b2", "lessThan": "a09677de458d500b00701f6036baa423d9995408", "status": "affected", "versionType": "git"}, {"version": "4430f7fd09ecb037570119e0aacbf0c17b8f98b2", "lessThan": "9bdcfbed2a9fe24d2c7eaa1bad7c705e18de8cc7", "status": "affected", "versionType": "git"}, {"version": "4430f7fd09ecb037570119e0aacbf0c17b8f98b2", "lessThan": "8dd1c125f7f838abad009b64bff5f0a11afe3cb6", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/scsi/lpfc/lpfc_els.c"], "versions": [{"version": "5.11", "status": "affected"}, {"version": "0", "lessThan": "5.11", "status": "unaffected", "versionType": "semver"}, {"version": "5.11.21", "lessThanOrEqual": "5.11.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.12.4", "lessThanOrEqual": "5.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.13", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.11", "versionEndExcluding": "5.11.21"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.11", "versionEndExcluding": "5.12.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.11", "versionEndExcluding": "5.13"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/a09677de458d500b00701f6036baa423d9995408"}, {"url": "https://git.kernel.org/stable/c/9bdcfbed2a9fe24d2c7eaa1bad7c705e18de8cc7"}, {"url": "https://git.kernel.org/stable/c/8dd1c125f7f838abad009b64bff5f0a11afe3cb6"}], "title": "scsi: lpfc: Fix null pointer dereference in lpfc_prep_els_iocb()", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47045", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-05T18:15:44.582355Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:13:28.365Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:24:39.643Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/a09677de458d500b00701f6036baa423d9995408", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9bdcfbed2a9fe24d2c7eaa1bad7c705e18de8cc7", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8dd1c125f7f838abad009b64bff5f0a11afe3cb6", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/a09677de458d500b00701f6036baa423d9995408", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9bdcfbed2a9fe24d2c7eaa1bad7c705e18de8cc7", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/8dd1c125f7f838abad009b64bff5f0a11afe3cb6", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:24:39.643Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47045", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-05T18:15:44.582355Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:15.557Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "scsi: lpfc: Fix null pointer dereference in lpfc_prep_els_iocb()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4430f7fd09ecb037570119e0aacbf0c17b8f98b2", "lessThan": "a09677de458d500b00701f6036baa423d9995408", "versionType": "git"}, {"status": "affected", "version": "4430f7fd09ecb037570119e0aacbf0c17b8f98b2", "lessThan": "9bdcfbed2a9fe24d2c7eaa1bad7c705e18de8cc7", "versionType": "git"}, {"status": "affected", "version": "4430f7fd09ecb037570119e0aacbf0c17b8f98b2", "lessThan": "8dd1c125f7f838abad009b64bff5f0a11afe3cb6", "versionType": "git"}], "programFiles": ["drivers/scsi/lpfc/lpfc_els.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.11"}, {"status": "unaffected", "version": "0", "lessThan": "5.11", "versionType": "semver"}, {"status": "unaffected", "version": "5.11.21", "versionType": "semver", "lessThanOrEqual": "5.11.*"}, {"status": "unaffected", "version": "5.12.4", "versionType": "semver", "lessThanOrEqual": "5.12.*"}, {"status": "unaffected", "version": "5.13", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/scsi/lpfc/lpfc_els.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/a09677de458d500b00701f6036baa423d9995408"}, {"url": "https://git.kernel.org/stable/c/9bdcfbed2a9fe24d2c7eaa1bad7c705e18de8cc7"}, {"url": "https://git.kernel.org/stable/c/8dd1c125f7f838abad009b64bff5f0a11afe3cb6"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix null pointer dereference in lpfc_prep_els_iocb()\n\nIt is possible to call lpfc_issue_els_plogi() passing a did for which no\nmatching ndlp is found. A call is then made to lpfc_prep_els_iocb() with a\nnull pointer to a lpfc_nodelist structure resulting in a null pointer\ndereference.\n\nFix by returning an error status if no valid ndlp is found. Fix up comments\nregarding ndlp reference counting."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.11.21", "versionStartIncluding": "5.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.12.4", "versionStartIncluding": "5.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.13", "versionStartIncluding": "5.11"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T07:03:00.354Z"}}}, "cveMetadata": {"cveId": "CVE-2021-47045", "state": "PUBLISHED", "dateUpdated": "2025-05-04T07:03:00.354Z", "dateReserved": "2024-02-27T18:42:55.970Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-02-28T08:13:49.708Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8CBB94EC-EC33-4464-99C5-03E5542715F0", "versionEndExcluding": "5.11.21", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D8C7052F-1B7B-4327-9C2B-84EBF3243838", "versionEndExcluding": "5.12.4", "versionStartIncluding": "5.12", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix null pointer dereference in lpfc_prep_els_iocb()\n\nIt is possible to call lpfc_issue_els_plogi() passing a did for which no\nmatching ndlp is found. A call is then made to lpfc_prep_els_iocb() with a\nnull pointer to a lpfc_nodelist structure resulting in a null pointer\ndereference.\n\nFix by returning an error status if no valid ndlp is found. Fix up comments\nregarding ndlp reference counting."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: lpfc: corrige la desreferencia del puntero nulo en lpfc_prep_els_iocb() Es posible llamar a lpfc_issue_els_plogi() pasando un did para el cual no se encuentra ning\u00fan ndlp coincidente. Luego se realiza una llamada a lpfc_prep_els_iocb() con un puntero nulo a una estructura lpfc_nodelist, lo que da como resultado una desreferencia del puntero nulo. Corrija devolviendo un estado de error si no se encuentra ning\u00fan ndlp v\u00e1lido. Corrija los comentarios sobre el recuento de referencias de ndlp."}], "id": "CVE-2021-47045", "lastModified": "2024-12-06T18:41:37.933", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2024-02-28T09:15:40.223", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8dd1c125f7f838abad009b64bff5f0a11afe3cb6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9bdcfbed2a9fe24d2c7eaa1bad7c705e18de8cc7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a09677de458d500b00701f6036baa423d9995408"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8dd1c125f7f838abad009b64bff5f0a11afe3cb6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9bdcfbed2a9fe24d2c7eaa1bad7c705e18de8cc7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a09677de458d500b00701f6036baa423d9995408"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "[email protected]", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: scsi: lpfc: Fix null pointer dereference in lpfc_prep_els_iocb()", "id": "2266724", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266724"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nscsi: lpfc: Fix null pointer dereference in lpfc_prep_els_iocb()\nIt is possible to call lpfc_issue_els_plogi() passing a did for which no\nmatching ndlp is found. A call is then made to lpfc_prep_els_iocb() with a\nnull pointer to a lpfc_nodelist structure resulting in a null pointer\ndereference.\nFix by returning an error status if no valid ndlp is found. Fix up comments\nregarding ndlp reference counting.", "A flaw was found in the scsi/lpfcIt subsystem of the Linux kernel, where it is possible to call lpfc_issue_els_plogi() passing a did argument for which no matching ndlp is found. A call is then made to lpfc_prep_els_iocb() with a NULL pointer to a lpfc_nodelist structure, resulting in a NULL pointer dereference."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2021-47045", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-02-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-47045\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-47045\nhttps://lore.kernel.org/linux-cve-announce/2024022839-CVE-2021-47045-7363@gregkh/T/#u"], "threat_severity": "Moderate"}