{"id":"CVE-2021-47503","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm80xx: Do not call scsi_remove_host() in pm8001_alloc()\n\nCalling scsi_remove_host() before scsi_add_host() results in a crash:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000108\n RIP: 0010:device_del+0x63/0x440\n Call Trace:\n  device_unregister+0x17/0x60\n  scsi_remove_host+0xee/0x2a0\n  pm8001_pci_probe+0x6ef/0x1b90 [pm80xx]\n  local_pci_probe+0x3f/0x90\n\nWe cannot call scsi_remove_host() in pm8001_alloc() because scsi_add_host()\nhas not been called yet at that point in time.\n\nFunction call tree:\n\n  pm8001_pci_probe()\n  |\n  `- pm8001_pci_alloc()\n  |  |\n  |  `- pm8001_alloc()\n  |     |\n  |     `- scsi_remove_host()\n  |\n  `- scsi_add_host()","modified":"2026-03-13T05:16:32.726209Z","published":"2024-05-24T15:15:10.567Z","related":["SUSE-SU-2024:2008-1","SUSE-SU-2024:2010-1","SUSE-SU-2024:2011-1","SUSE-SU-2024:2019-1","SUSE-SU-2024:2185-1","SUSE-SU-2024:2189-1","SUSE-SU-2024:2190-1"],"references":[{"type":"FIX","url":"https://git.kernel.org/stable/c/1e434d2687e8bc0b3cdc9dd093c0e9047c0b4add"},{"type":"FIX","url":"https://git.kernel.org/stable/c/653926205741add87a6cf452e21950eebc6ac10b"},{"type":"FIX","url":"https://git.kernel.org/stable/c/f8dccc1bdea7e21b5ec06c957aef8831c772661c"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"5.10"},{"fixed":"5.10.85"}]},{"events":[{"introduced":"5.11"},{"fixed":"5.15.8"}]},{"events":[{"introduced":"0"},{"last_affected":"5.16-rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"5.16-rc2"}]},{"events":[{"introduced":"0"},{"last_affected":"5.16-rc3"}]},{"events":[{"introduced":"0"},{"last_affected":"5.16-rc4"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-47503.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}