Bugzilla – Bug 1219402
VUL-0: CVE-2021-33630: kernel-source,kernel-source-azure,kernel-source-rt: net/sched: cbs NULL pointer dereference when offloading is enabled
Last modified: 2024-07-05 15:21:03 UTC
NULL Pointer Dereference vulnerability in openEuler kernel on Linux (network modules) allows Pointer Manipulation. This vulnerability is associated with program files net/sched/sch_cbs.C. This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33630 https://www.cve.org/CVERecord?id=CVE-2021-33630 https://gitee.com/src-openeuler/kernel/pulls/1389 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1030 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1031 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e8b9bfa110896f95d602d8c98d5f9d67e41d78c https://seclists.org/oss-sec/2024/q1/65 http://www.openwall.com/lists/oss-security/2024/01/30/3 http://www.openwall.com/lists/oss-security/2024/01/30/4 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c099c4fdc438014d5893629e70a8ba934433ee8 http://www.openwall.com/lists/oss-security/2024/01/30/5 https://bugzilla.redhat.com/show_bug.cgi?id=2261974 http://www.openwall.com/lists/oss-security/2024/01/30/10 http://www.openwall.com/lists/oss-security/2024/01/30/9
CVE-2021-33630 is related to https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e8b9bfa110896f95d602d8c98d5f9d67e41d78c SLE15-SP6, cve/linux-5.14 and stable should contain the fix. cve/linux-5.3 contains the buggy commit but not the fix
Michal, something for you?
All done, closing.