NULL pointer dereference in Linux kernel scsi driver
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2021-47337 |
| CWE-ID | CWE-476 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) NULL pointer dereference
EUVDB-ID: #VU90496
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47337
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the scsi_host_alloc() function in drivers/scsi/hosts.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: All versions
CPE2.3 External linkshttps://git.kernel.org/stable/c/d2f0b960d07e52bb664471b4de0ed8b08c636b3a
https://git.kernel.org/stable/c/f3d0a109240c9bed5c60d819014786be3a2fe515
https://git.kernel.org/stable/c/e1bd3fac2baa3d5c04375980c1d5263a3335af92
https://git.kernel.org/stable/c/887bfae2732b5b02a86a859fd239d34f7ff93c05
https://git.kernel.org/stable/c/ea518b70ed5e4598c8d706f37fc16f7b06e440bd
https://git.kernel.org/stable/c/8e4212ecf0713dd57d0e3209a66201da582149b1
https://git.kernel.org/stable/c/c1671d2d2ef8a84837eea1b4d99ca0c6a66fb691
https://git.kernel.org/stable/c/93aa71ad7379900e61c8adff6a710a4c18c7c99b
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
