[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-DEBIAN-CVE-2021-47557":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":16,"duplicates":17,"related":18,"reserved_at":9,"published_at":19,"modified_at":20,"state":9,"summary":21,"references_raw":23,"kevs":30,"epss":9,"epss_history":31,"metrics":32,"affected":39},"DEBIAN-CVE-2021-47557","In the Linux kernel, the following vulnerability has been resolved:  net/sched: sch_ets: don't peek at classes beyond 'nbands'  when the number of DRR classes decreases, the round-robin active list can contain elements that have already been freed in ets_qdisc_change(). As a consequence, it's possible to see a NULL dereference crash, caused by the attempt to call cl->qdisc->ops->peek(cl->qdisc) when cl->qdisc is NULL:   BUG: kernel NULL pointer dereference, address: 0000000000000018  #PF: supervisor read access in kernel mode  #PF: error_code(0x0000) - not-present page  PGD 0 P4D 0  Oops: 0000 [#1] PREEMPT SMP NOPTI  CPU: 1 PID: 910 Comm: mausezahn Not tainted 5.16.0-rc1+ #475  Hardware name: Red Hat KVM, BIOS 1.11.1-4.module+el8.1.0+4066+0f1aadab 04/01/2014  RIP: 0010:ets_qdisc_dequeue+0x129/0x2c0 [sch_ets]  Code: c5 01 41 39 ad e4 02 00 00 0f 87 18 ff ff ff 49 8b 85 c0 02 00 00 49 39 c4 0f 84 ba 00 00 00 49 8b ad c0 02 00 00 48 8b 7d 10 \u003C48> 8b 47 18 48 8b 40 38 0f ae e8 ff d0 48 89 c3 48 85 c0 0f 84 9d  RSP: 0000:ffffbb36c0b5fdd8 EFLAGS: 00010287  RAX: ffff956678efed30 RBX: 0000000000000000 RCX: 0000000000000000  RDX: 0000000000000002 RSI: ffffffff9b938dc9 RDI: 0000000000000000  RBP: ffff956678efed30 R08: e2f3207fe360129c R09: 0000000000000000  R10: 0000000000000001 R11: 0000000000000001 R12: ffff956678efeac0  R13: ffff956678efe800 R14: ffff956611545000 R15: ffff95667ac8f100  FS:  00007f2aa9120740(0000) GS:ffff95667b800000(0000) knlGS:0000000000000000  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033  CR2: 0000000000000018 CR3: 000000011070c000 CR4: 0000000000350ee0  Call Trace:   \u003CTASK>   qdisc_peek_dequeued+0x29/0x70 [sch_ets]   tbf_dequeue+0x22/0x260 [sch_tbf]   __qdisc_run+0x7f/0x630   net_tx_action+0x290/0x4c0   __do_softirq+0xee/0x4f8   irq_exit_rcu+0xf4/0x130   sysvec_apic_timer_interrupt+0x52/0xc0   asm_sysvec_apic_timer_interrupt+0x12/0x20  RIP: 0033:0x7f2aa7fc9ad4  Code: b9 ff ff 48 8b 54 24 18 48 83 c4 08 48 89 ee 48 89 df 5b 5d e9 ed fc ff ff 0f 1f 00 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa \u003C53> 48 83 ec 10 48 8b 05 10 64 33 00 48 8b 00 48 85 c0 0f 85 84 00  RSP: 002b:00007ffe5d33fab8 EFLAGS: 00000202  RAX: 0000000000000002 RBX: 0000561f72c31460 RCX: 0000561f72c31720  RDX: 0000000000000002 RSI: 0000561f72c31722 RDI: 0000561f72c31720  RBP: 000000000000002a R08: 00007ffe5d33fa40 R09: 0000000000000014  R10: 0000000000000000 R11: 0000000000000246 R12: 0000561f7187e380  R13: 0000000000000000 R14: 0000000000000000 R15: 0000561f72c31460   \u003C/TASK>  Modules linked in: sch_ets sch_tbf dummy rfkill iTCO_wdt intel_rapl_msr iTCO_vendor_support intel_rapl_common joydev virtio_balloon lpc_ich i2c_i801 i2c_smbus pcspkr ip_tables xfs libcrc32c crct10dif_pclmul crc32_pclmul crc32c_intel ahci libahci ghash_clmulni_intel serio_raw libata virtio_blk virtio_console virtio_net net_failover failover sunrpc dm_mirror dm_region_hash dm_log dm_mod  CR2: 0000000000000018  Ensuring that 'alist' was never zeroed [1] was not sufficient, we need to remove from the active list those elements that are no more SP nor DRR.  [1] https://lore.kernel.org/netdev/60d274838bf09777f0371253416e8af71360bc08.1633609148.git.dcaratti@redhat.com/  v3: fix race between ets_qdisc_change() and ets_qdisc_dequeue() delisting     DRR classes beyond 'nbands' in ets_qdisc_change() with the qdisc lock     acquired, thanks to Cong Wang.  v2: when a NULL qdisc is found in the DRR active list, try to dequeue skb     from the next list item.",null,[],[],[],[14],{"_key":15},"CVE-2021-47557",[],[],[],"2024-05-24T15:15:20.393Z","2026-04-28T20:23:31.714811Z",{"cisa_kev":22,"cisa_ransomware":22,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[24],{"url":25,"sources":26,"tags":28},"https://security-tracker.debian.org/tracker/CVE-2021-47557",[27],"osv_debian",[29],"Advisory",[],[],[33],{"source":27,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":34,"cvss_v4_0":9},{"baseScore":35,"baseSeverity":9,"vectorString":36,"impactScore":37,"exploitabilityScore":38},5.5,"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",6,4.6,[40],{"ecosystem":41,"name":42,"vendor":43,"product":42,"cpe_part":9,"purl_type":44,"purl_namespace":43,"purl_name":42,"source":9,"versions":45},"Debian","linux","debian","deb",[46,52,55,56],{"version":47,"is_range":48,"range_type":49,"version_start":9,"version_start_type":9,"version_end":50,"version_end_type":51,"fixed_in":9},"lt5_10_84_1",true,"ecosystem","5.10.84-1","excluding",{"version":53,"is_range":48,"range_type":49,"version_start":9,"version_start_type":9,"version_end":54,"version_end_type":51,"fixed_in":9},"lt5_15_15_1","5.15.15-1",{"version":53,"is_range":48,"range_type":49,"version_start":9,"version_start_type":9,"version_end":54,"version_end_type":51,"fixed_in":9},{"version":53,"is_range":48,"range_type":49,"version_start":9,"version_start_type":9,"version_end":54,"version_end_type":51,"fixed_in":9}]