NULL pointer dereference in Linux kernel sched



Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2021-47418
CWE-ID: CWE-476
Exploitation vector: Local
Public exploit: N/A
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) NULL pointer dereference

EUVDB-ID: #VU90505

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47418

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the fifo_set_limit() function in net/sched/sch_fifo.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links

http://git.kernel.org/stable/c/0dd7ddc462b9c2d31eb5a9926a2cc63eaa3e9f52
http://git.kernel.org/stable/c/08d7056e8e250fd2e67dbea5be5fdecdd75bf6b4
http://git.kernel.org/stable/c/26af64d71b6277841285fa40e3f7164a378dfda9
http://git.kernel.org/stable/c/d07098f45be868a9cdce6c616563c36c64dbbd87
http://git.kernel.org/stable/c/c951a3be5e8803e93bb49a0aca0d30457d3c1b67
http://git.kernel.org/stable/c/acff2d182c0768a713cee77442caeb07668bd68f
http://git.kernel.org/stable/c/fb58cd7991747b5e0b110c98c922d7b0e47a1f14
http://git.kernel.org/stable/c/560ee196fe9e5037e5015e2cdb14b3aecb1cd7dc


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


