CVE-2021-47077: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

scsi: qedf: Add pointer checks in qedf_update_link_speed()

The following trace was observed:

    [ 14.042059] Call Trace:
    [ 14.042061] <IRQ>
    [ 14.042068] qedf_link_update+0x144/0x1f0 [qedf]
    [ 14.042117] qed_link_update+0x5c/0x80 [qed]
    [ 14.042135] qed_mcp_handle_link_change+0x2d2/0x410 [qed]
    [ 14.042155] ? qed_set_ptt+0x70/0x80 [qed]
    [ 14.042170] ? qed_set_ptt+0x70/0x80 [qed]
    [ 14.042186] ? qed_rd+0x13/0x40 [qed]
    [ 14.042205] qed_mcp_handle_events+0x437/0x690 [qed]
    [ 14.042221] ? qed_set_ptt+0x70/0x80 [qed]
    [ 14.042239] qed_int_sp_dpc+0x3a6/0x3e0 [qed]
    [ 14.042245] tasklet_action_common.isra.14+0x5a/0x100
    [ 14.042250] __do_softirq+0xe4/0x2f8
    [ 14.042253] irq_exit+0xf7/0x100
    [ 14.042255] do_IRQ+0x7f/0xd0
    [ 14.042257] common_interrupt+0xf/0xf
    [ 14.042259] </IRQ>

API qedf_link_update() is getting called from QED but by that time shost_data is not initialised. This results in a NULL pointer dereference when we try to dereference shost_data while updating supported_speeds. Add a NULL pointer check before dereferencing shost_data.
AI Analysis
Technical Summary
CVE-2021-47077 is a vulnerability identified in the Linux kernel specifically affecting the qedf driver, which is part of the SCSI (Small Computer System Interface) subsystem. The issue arises in the qedf_update_link_speed() function, which is called during link speed updates handled by the QED (QLogic Ethernet Driver) component. The root cause is a NULL pointer dereference due to the shost_data pointer not being initialized before it is dereferenced while updating supported link speeds. This leads to a kernel crash (NULL pointer dereference) when the function attempts to access or modify data through this uninitialized pointer. The trace provided shows the call stack leading to the fault, indicating that the problem occurs during interrupt handling and link update events. The vulnerability is addressed by adding a NULL pointer check before dereferencing shost_data, preventing the kernel from crashing due to invalid memory access. This vulnerability affects Linux kernel versions identified by the commit hash 61d8658b4a435eac729966cc94cdda077a8df5cd and was published on March 1, 2024. There are no known exploits in the wild at this time, and no CVSS score has been assigned yet. The vulnerability is a denial-of-service (DoS) type, as it causes a kernel panic or crash, impacting system availability.
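The ordering problem described above, as a userspace model added for illustration; it is not the kernel patch or qedf source. The struct layouts, function names and speed bits are simplified stand-ins, and the extra check on the host pointer is an assumption of this model.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-ins for the kernel objects (hypothetical, not real layouts). */
struct host_attrs { uint32_t supported_speeds; };      /* what shost_data points to */
struct scsi_host  { struct host_attrs *shost_data; };  /* NULL until attrs are set up */
struct lport      { struct scsi_host *host; uint32_t link_supported_speeds; };

#define SPEED_10G 0x1u  /* constructed sample capability bits */
#define SPEED_25G 0x2u

/* 'Before' shape: publishes speeds through shost_data unconditionally.
 * If the link callback runs before shost_data is set, this is a NULL dereference. */
void update_link_speed_unguarded(struct lport *lp, uint32_t caps)
{
    lp->link_supported_speeds = caps;
    lp->host->shost_data->supported_speeds = caps;
}

/* 'After' shape: record the speeds locally, publish only if the host data exists.
 * Returns 1 when published, 0 when skipped. Checking host too is this model's choice. */
int update_link_speed_guarded(struct lport *lp, uint32_t caps)
{
    lp->link_supported_speeds = caps;
    if (!lp->host || !lp->host->shost_data)
        return 0;
    lp->host->shost_data->supported_speeds = caps;
    return 1;
}

int main(void)
{
    struct host_attrs attrs = { 0 };
    struct scsi_host host = { NULL };          /* probe has not set shost_data yet */
    struct lport lp = { &host, 0 };

    /* Early link event, as in the trace: guarded version skips instead of crashing. */
    printf("early event published=%d\n", update_link_speed_guarded(&lp, SPEED_10G));

    host.shost_data = &attrs;                  /* initialisation completes */
    printf("late event published=%d\n",
           update_link_speed_guarded(&lp, SPEED_10G | SPEED_25G));
    printf("host speeds=0x%x\n", (unsigned)attrs.supported_speeds);
    return 0;
}
```

The guarded function still records the speeds on the local port when it skips, so a later event after initialisation publishes a consistent value.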
Potential Impact
For European organizations, this vulnerability could lead to system instability or downtime on Linux servers using the affected qedf driver, which is commonly employed in environments utilizing Fibre Channel over Ethernet (FCoE) for storage networking. Organizations relying on Linux-based storage servers, data centers, or cloud infrastructure that use this driver may experience unexpected kernel crashes, leading to service interruptions and potential data unavailability. While this vulnerability does not directly compromise confidentiality or integrity, the resulting denial of service can disrupt critical business operations, especially in sectors like finance, healthcare, and telecommunications where high availability is essential. Additionally, recovery from kernel crashes may require manual intervention or system reboots, increasing operational costs and downtime. The lack of known exploits reduces immediate risk, but the vulnerability should be addressed promptly to prevent potential exploitation or accidental triggering.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should:
1) Apply the official Linux kernel patch that adds the NULL pointer check in qedf_update_link_speed() as soon as it becomes available from their Linux distribution vendors.
2) Monitor vendor security advisories and update schedules for kernel updates related to the qedf driver.
3) In environments where immediate patching is not feasible, consider temporarily disabling the qedf driver if it is not critical to operations, or isolate affected systems to limit impact.
4) Implement robust monitoring and alerting for kernel panics or unexpected reboots to quickly detect and respond to potential exploitation or accidental triggers.
5) Conduct thorough testing of kernel updates in staging environments to ensure stability before deployment in production.
6) Maintain regular backups and disaster recovery plans to minimize operational impact in case of service disruption.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-02-29T22:33:44.297Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9834c4522896dcbe9c6e
Added to database: 5/21/2025, 9:09:08 AM
Last enriched: 6/30/2025, 8:58:17 PM
Last updated: 8/5/2025, 6:54:06 PM