CVE-2021-47134

efi/fdt: fix panic when no valid fdt found

Description

In the Linux kernel, the following vulnerability has been resolved: efi/fdt: fix panic when no valid fdt found setup_arch() would invoke efi_init()->efi_get_fdt_params(). If no valid fdt found then initial_boot_params will be null. So we should stop further fdt processing here. I encountered this issue on risc-v.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/5148066edbdc89c6fe5bc419c31a5c22e5f83bdb patch
https://git.kernel.org/stable/c/8a7e8b4e5631a03ea2fee27957857a56612108ca patch
https://git.kernel.org/stable/c/668a84c1bfb2b3fd5a10847825a854d63fac7baa patch

Frequently Asked Questions

What is the severity of CVE-2021-47134?
CVE-2021-47134 has been scored as a medium severity vulnerability.
How to fix CVE-2021-47134?
To fix CVE-2021-47134, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2021-47134 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2021-47134 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-47134?
CVE-2021-47134 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.