CVE-2021-47651: 
Linux Kernel vulnerability analysis and mitigation

In the Linux kernel, a vulnerability has been identified and resolved in the soc: qcom: rpmpd component. The issue involves a potential NULL pointer dereference due to unchecked memory allocation. The vulnerability was discovered and fixed in February 2025, affecting the Linux kernel's Resource Power Manager (RPM) power domain driver (NVD).

The vulnerability exists in the rpmpd_probe function where data->domains is allocated using devm_kcalloc but the return value is not checked for NULL. Because of the possible failure of the allocation, data->domains might be NULL pointer and will cause a dereference of the NULL pointer later in the execution. The fix involves adding a NULL check after the allocation and returning -ENOMEM if the allocation fails (Kernel Commit).

If exploited, this vulnerability could lead to a NULL pointer dereference, potentially causing a system crash or denial of service condition. The issue affects the Resource Power Manager (RPM) power domain driver, which is responsible for power management in Qualcomm SoC devices (NVD).

The vulnerability has been fixed by adding proper NULL pointer checking after the memory allocation. The fix has been implemented in the Linux kernel through a patch that adds validation of the devm_kcalloc return value. The patch ensures that if memory allocation fails, the function returns -ENOMEM without attempting to use the NULL pointer (Kernel Commit).