Bug 1220762 (CVE-2021-47050)

Summary: VUL-0: CVE-2021-47050: kernel: memory: renesas-rpc-if: fix possible NULL pointer dereference of resource
Product: [Novell Products] SUSE Security Incidents Reporter: SMASH SMASH <smash_bz>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: gabriele.sonnu, mhocko, security-team
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/395497/
Whiteboard: CVSSv3.1:SUSE:CVE-2021-47050:4.4:(AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description SMASH SMASH 2024-03-01 11:08:55 UTC 
In the Linux kernel, the following vulnerability has been resolved:

memory: renesas-rpc-if: fix possible NULL pointer dereference of resource

The platform_get_resource_byname() can return NULL which would be
immediately dereferenced by resource_size().  Instead dereference it
after validating the resource.

Addresses-Coverity: Dereference null return value

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-47050
https://www.cve.org/CVERecord?id=CVE-2021-47050
https://git.kernel.org/stable/c/59e27d7c94aa02da039b000d33c304c179395801
https://git.kernel.org/stable/c/71bcc1b4a1743534d8abdcb57ff912e6bc390438
https://git.kernel.org/stable/c/a74cb41af7dbe019e4096171f8bc641c7ce910ad
https://git.kernel.org/stable/c/e16acc3a37f09e18835dc5d8014942c2ef6ca957
https://bugzilla.redhat.com/show_bug.cgi?id=2266735
Comment 1 Gabriele Sonnu 2024-03-01 11:15:52 UTC 
All affected branches already contain the fix. Closing.
Comment 7 Thomas Leroy 2024-04-19 13:02:09 UTC 
All done, closing.