Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2021-47440 |
CWE-ID | CWE-476 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software Subscribe |
Linux kernel Operating systems & Components / Operating system |
Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU90408
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47440
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the encx24j600_spi_probe() function in drivers/net/ethernet/microchip/encx24j600.c, within the devm_regmap_init_encx24j600() function in drivers/net/ethernet/microchip/encx24j600-regmap.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: All versions
External linkshttp://git.kernel.org/stable/c/66358471fa75a713fd76bc8a4bd74cb14cd50a4f
http://git.kernel.org/stable/c/f043fac1133a6c5ef960a8422c0f6dd711dee462
http://git.kernel.org/stable/c/fddc7f678d7fb93caa0d7bc512f968ff1e2bddbc
http://git.kernel.org/stable/c/5e5494e6fc8a29c927e0478bec4a078a40da8901
http://git.kernel.org/stable/c/4c2eb80fc90b05559ce6ed1b8dfb2348420b5644
http://git.kernel.org/stable/c/e19c10d6e07c59c96e90fe053a72683ad8b0397e
http://git.kernel.org/stable/c/322c0e53496309e634d9db7349678eaad1d25b55
http://git.kernel.org/stable/c/f03dca0c9e2297c84a018e306f8a9cd534ee4287
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.