Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2021-47267 |
CWE-ID | CWE-476 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software Subscribe |
Linux kernel Operating systems & Components / Operating system |
Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU90474
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47267
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the usb_assign_descriptors() function in drivers/usb/gadget/config.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: All versions
External linkshttp://git.kernel.org/stable/c/fd24be23abf3e94260be0f00bb42c7e91d495f87
http://git.kernel.org/stable/c/70cd19cb5bd94bbb5bacfc9c1e4ee0071699a604
http://git.kernel.org/stable/c/45f9a2fe737dc0a5df270787f2231aee8985cd59
http://git.kernel.org/stable/c/5ef23506695b01d5d56a13a092a97f2478069d75
http://git.kernel.org/stable/c/b972eff874637402ddc4a7dd11fb22538a0b6d28
http://git.kernel.org/stable/c/ca6bc277430d90375452b60b047763a090b7673e
http://git.kernel.org/stable/c/032e288097a553db5653af552dd8035cd2a0ba96
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.