CVE-2021-47501 - pub/scm/linux/kernel/git/sashal/vulns-desc - Git at Google

 The vulnerability, CVE-2021-47501, is a NULL pointer dereference in the `i40e_dbg_dump_desc` function in the Linux kernel's `i40e` driver. This occurs when attempting to dump VFs VSI RX/TX descriptors using debugfs, causing a crash.

 The issue arises because the `i40e_dbg_dump_desc` function does not properly check if the VSI type is correct for dumping RX/TX descriptors, leading to a NULL pointer dereference. To fix this, a check was added to ensure that the VSI type is correct before attempting to dump the descriptors.

 This vulnerability was introduced in kernel version 3.12 with commit `02e9c290814c` and has been fixed in kernel versions 5.10.85 with commit `e5b7fb2198ab`, 5.15.8 with commit `16431e442db2`, and 5.16 with commit `23ec111bf354`. The affected file is `drivers/net/ethernet/intel/i40e/i40e_debugfs.c`. To mitigate this issue, the Linux kernel CVE team recommends updating to the latest stable kernel version.
	The vulnerability, CVE-2021-47501, is a NULL pointer dereference in the `i40e_dbg_dump_desc` function in the Linux kernel's `i40e` driver. This occurs when attempting to dump VFs VSI RX/TX descriptors using debugfs, causing a crash.

	The issue arises because the `i40e_dbg_dump_desc` function does not properly check if the VSI type is correct for dumping RX/TX descriptors, leading to a NULL pointer dereference. To fix this, a check was added to ensure that the VSI type is correct before attempting to dump the descriptors.

	This vulnerability was introduced in kernel version 3.12 with commit `02e9c290814c` and has been fixed in kernel versions 5.10.85 with commit `e5b7fb2198ab`, 5.15.8 with commit `16431e442db2`, and 5.16 with commit `23ec111bf354`. The affected file is `drivers/net/ethernet/intel/i40e/i40e_debugfs.c`. To mitigate this issue, the Linux kernel CVE team recommends updating to the latest stable kernel version.