CVE-2021-47652

video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe()

Description

In the Linux kernel, the following vulnerability has been resolved: video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() I got a null-ptr-deref report: BUG: kernel NULL pointer dereference, address: 0000000000000000 ... RIP: 0010:fb_destroy_modelist+0x38/0x100 ... Call Trace: ufx_usb_probe.cold+0x2b5/0xac1 [smscufx] usb_probe_interface+0x1aa/0x3c0 [usbcore] really_probe+0x167/0x460 ... ret_from_fork+0x1f/0x30 If fb_alloc_cmap() fails in ufx_usb_probe(), fb_destroy_modelist() will be called to destroy modelist in the error handling path. But modelist has not been initialized yet, so it will result in null-ptr-deref. Initialize modelist before calling fb_alloc_cmap() to fix this bug.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/d1b6a1f0c23b7164250479bf92e2893291dca539 patch
https://git.kernel.org/stable/c/0fd28daec73525382e5c992db8743bf76e42cd5c patch
https://git.kernel.org/stable/c/dd3a6cc7385b89ec2303f39dfc3bafa4e24cec4b patch
https://git.kernel.org/stable/c/da8b269cc0a2526ebeaccbe2484c999eb0f822cf patch
https://git.kernel.org/stable/c/64ec3e678d76419f207b9cdd338dda438ca10b1c patch
https://git.kernel.org/stable/c/c420b540db4b5d69de0a36d8b9d9a6a79a04f05a patch
https://git.kernel.org/stable/c/d396c651e2b508b6179bb678cc029f3becbf5170 patch
https://git.kernel.org/stable/c/9280ef235b05e8f19f8bc6d547b992f0a0ef398d patch
https://git.kernel.org/stable/c/1791f487f877a9e83d81c8677bd3e7b259e7cb27 patch

Frequently Asked Questions

What is the severity of CVE-2021-47652?
CVE-2021-47652 has been scored as a medium severity vulnerability.
How to fix CVE-2021-47652?
To fix CVE-2021-47652, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2021-47652 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2021-47652 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-47652?
CVE-2021-47652 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.