CVE-2021-47518

nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done

Description

In the Linux kernel, the following vulnerability has been resolved: nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done The done() netlink callback nfc_genl_dump_ses_done() should check if received argument is non-NULL, because its allocation could fail earlier in dumpit() (nfc_genl_dump_ses()).

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.05%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/87cdb8789c38e44ae5454aafe277997c950d00ed patch
https://git.kernel.org/stable/c/69bb79a8f5bb9f436b6f1434ca9742591b7bbe18 patch
https://git.kernel.org/stable/c/811a7576747760bcaf60502f096d1e6e91d566fa patch
https://git.kernel.org/stable/c/3b861a40325eac9c4c13b6c53874ad90617e944d patch
https://git.kernel.org/stable/c/48fcd08fdbe05e35b650a252ec2a2d96057a1c7a patch
https://git.kernel.org/stable/c/83ea620a1be840bf05089a5061fb8323ca42f38c patch
https://git.kernel.org/stable/c/fae9705d281091254d4a81fa2da9d22346097dca patch
https://git.kernel.org/stable/c/4cd8371a234d051f9c9557fcbb1f8c523b1c0d10 patch

Frequently Asked Questions

What is the severity of CVE-2021-47518?
CVE-2021-47518 has been scored as a medium severity vulnerability.
How to fix CVE-2021-47518?
To fix CVE-2021-47518, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2021-47518 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2021-47518 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-47518?
CVE-2021-47518 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.