CVE-2021-47307

cifs: prevent NULL deref in cifs_compose_mount_options()

Description

In the Linux kernel, the following vulnerability has been resolved: cifs: prevent NULL deref in cifs_compose_mount_options() The optional @ref parameter might contain an NULL node_name, so prevent dereferencing it in cifs_compose_mount_options(). Addresses-Coverity: 1476408 ("Explicit null dereferenced")

References

Link	Tags
https://git.kernel.org/stable/c/f7d1fa65e74263d11f90ddd33b4d4cd905a93759	patch
https://git.kernel.org/stable/c/e58c162789becede894d3e94c0ce6695a2ef5796	patch
https://git.kernel.org/stable/c/ae3d181f4e912f51af7776ea165f199b16fc165d	patch
https://git.kernel.org/stable/c/03313d1c3a2f086bb60920607ab79ac8f8578306	patch

Frequently Asked Questions

What is the severity of CVE-2021-47307?: CVE-2021-47307 has been scored as a medium severity vulnerability.
How to fix CVE-2021-47307?: To fix CVE-2021-47307, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2021-47307 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2021-47307 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-47307?: CVE-2021-47307 affects Linux Linux, Linux Linux.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.

Description

Category

CWE-476 – NULL Pointer Dereference

References

Frequently Asked Questions