vulnerability
Ubuntu: (CVE-2021-47186): linux-fips vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:S/C:N/I:N/A:C) | Apr 10, 2024 | Jun 26, 2025 | Aug 18, 2025 |
Severity
5
CVSS
(AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published
Apr 10, 2024
Added
Jun 26, 2025
Modified
Aug 18, 2025
Description
In the Linux kernel, the following vulnerability has been resolved:
tipc: check for null after calling kmemdup
kmemdup can return a null pointer so need to check for it, otherwise
the null key will be dereferenced later in tipc_crypto_key_xmit as
can be seen in the trace [1].
[1] https://syzkaller.appspot.com/bug?id=bca180abb29567b189efdbdb34cbf7ba851c2a58
Solution
no-fix-ubuntu-package
References
- CVE-2021-47186
- https://attackerkb.com/topics/CVE-2021-47186
- CWE-476
- URL-https://git.kernel.org/linus/3e6db079751afd527bf3db32314ae938dc571916
- URL-https://git.kernel.org/stable/c/3e6db079751afd527bf3db32314ae938dc571916
- URL-https://git.kernel.org/stable/c/9404c4145542c23019a80ab1bb2ecf73cd057b10
- URL-https://git.kernel.org/stable/c/a7d91625863d4ffed63b993b5e6dc1298b6430c9
- URL-https://www.cve.org/CVERecord?id=CVE-2021-47186
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.