CVE-2021-47651

soc: qcom: rpmpd: Check for null return of devm_kcalloc

Description

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: rpmpd: Check for null return of devm_kcalloc Because of the possible failure of the allocation, data->domains might be NULL pointer and will cause the dereference of the NULL pointer later. Therefore, it might be better to check it and directly return -ENOMEM without releasing data manually if fails, because the comment of the devm_kmalloc() says "Memory allocated with this function is automatically freed on driver detach.".

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/755dbc3d73789ac9f0017c729abf5e4b153bf799 patch
https://git.kernel.org/stable/c/b5d6eba71997b6d661935d2b15094ac7f9f6132d patch
https://git.kernel.org/stable/c/724376c30af5a57686b223dbcd6188e07d2a1de2 patch
https://git.kernel.org/stable/c/84b89fa877ad576e9ee8130f412cfd592f274508 patch
https://git.kernel.org/stable/c/31b5124d742969ea8bf7a1360596f548ca23e770 patch
https://git.kernel.org/stable/c/5a811126d38f9767a20cc271b34db7c8efc5a46c patch

Frequently Asked Questions

What is the severity of CVE-2021-47651?
CVE-2021-47651 has been scored as a medium severity vulnerability.
How to fix CVE-2021-47651?
To fix CVE-2021-47651, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2021-47651 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2021-47651 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-47651?
CVE-2021-47651 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.