VYPR
Unrated severity · NVD Advisory · Published Jul 2, 2021 · Updated Aug 4, 2024

CVE-2021-36146

Description

ACRN before 2.5 has a devicemodel/hw/pci/xhci.c NULL Pointer Dereference for a trb pointer.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

ACRN before 2.5 has a NULL pointer dereference in the xHCI device model, allowing a guest to cause a denial of service.

Vulnerability

In ACRN versions before 2.5, the function pci_xhci_complete_commands in devicemodel/hw/pci/xhci.c does not check if the trb pointer is NULL before use. This can be triggered when a guest provides an invalid guest address, leading to a NULL pointer dereference [1].

Exploitation

An attacker with guest access to the ACRN hypervisor can exploit this vulnerability by sending crafted xHCI commands that result in an invalid TRB pointer, causing the device model to dereference a NULL pointer.

Impact

Successful exploitation leads to a denial of service (crash) of the device model, potentially affecting other guests or hypervisor stability.

Mitigation

The vulnerability is fixed in ACRN 2.5. The fix adds a check for the trb pointer before use, returning early if it is NULL [1]. Users should upgrade to ACRN 2.5 or apply commit 330359921e2e4c2f3f3a10b5bab86942d63c4428.
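
The check described under Vulnerability and Mitigation, shown as an added, self-contained C model; it is not ACRN source code and not the patch itself. The names gpa_to_trb, complete_commands and guest_mem, and the 4 KiB guest memory, are hypothetical. It goes one step beyond the page by repeating the NULL check after a Link TRB, since that address is also guest-supplied.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not ACRN source. 16-byte xHCI TRB layout. */
struct trb { uint64_t qw0; uint32_t dw2; uint32_t dw3; };
#define TRB_CYCLE     0x1u
#define TRB_TYPE(t)   (((t)->dw3 >> 10) & 0x3fu)
#define TRB_TYPE_LINK 6u

static struct trb guest_mem[256];            /* stand-in for guest RAM (4 KiB) */

/* Hypothetical translator: guest-physical address -> host pointer.
 * Returns NULL when the guest-supplied address is not backed by guest RAM. */
static struct trb *gpa_to_trb(uint64_t gpa)
{
    if ((gpa & 0xf) || gpa > sizeof(guest_mem) - sizeof(struct trb))
        return NULL;
    return &guest_mem[gpa / sizeof(struct trb)];
}

/* Walk the command ring at guest address crcr with consumer cycle state ccs.
 * Returns the number of commands consumed, or -1 when a guest-controlled
 * address fails to translate (checked instead of dereferenced). */
static int complete_commands(uint64_t crcr, uint32_t ccs)
{
    struct trb *trb = gpa_to_trb(crcr);
    int done = 0;

    for (int steps = 0; steps < 64; steps++) {     /* bound guest-driven walks */
        if (trb == NULL)                           /* check after every translation */
            return -1;
        if ((trb->dw3 & TRB_CYCLE) != ccs)         /* no more queued commands */
            return done;
        if (TRB_TYPE(trb) == TRB_TYPE_LINK) {      /* guest picks the next segment */
            trb = gpa_to_trb(trb->qw0 & ~0xfULL);
            continue;
        }
        done++;                /* count it; this model does no per-type handling */
        trb = gpa_to_trb((uint64_t)(trb - guest_mem + 1) * sizeof(*trb));
    }
    return done;
}

int main(void)
{
    guest_mem[0].dw3 = (23u << 10) | TRB_CYCLE;    /* constructed: one No Op command */
    guest_mem[1] = (struct trb){ 0x100000, 0, (TRB_TYPE_LINK << 10) | TRB_CYCLE };
    printf("%d\n", complete_commands(0, 1));       /* link target is unmapped */
    return 0;
}
```
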

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • ACRN/ACRN (description)
  • ACRN/ACRN (llm-fuzzy)
    Range: <2.5

References

1