SB20240531371 - NULL pointer dereference in Linux kernel usb dwc3 driver
Published: May 31, 2024 Updated: May 14, 2025
Security Bulletin ID
SB20240531371
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2021-47220)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dwc3_remove() function in drivers/usb/dwc3/core.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/ff4c63f3e8cb7af2ce51cc56b031e08fd23c758b
- https://git.kernel.org/stable/c/58b5e02c6ca0e2b7c87cd8023ff786ef3c0eef74
- https://git.kernel.org/stable/c/7f9745ab342bcce5efd5d4d2297d0a3dd9db0eac
- https://git.kernel.org/stable/c/fd7c4bd582494934be15d41aebe0dbe23790605f
- https://git.kernel.org/stable/c/174c27583b3807ac96228c442735b02622d8d1c3
- https://git.kernel.org/stable/c/fa8c413e6b74ae5d12daf911c73238c5bdacd8e6
- https://git.kernel.org/stable/c/4bf584a03eec674975ee9fe36c8583d9d470dab1
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.238
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.196
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.274
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.46
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.13
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.128