Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2021-47418 |
CWE-ID | CWE-476 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU90505
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47418
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fifo_set_limit() function in net/sched/sch_fifo.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: All versions
CPE2.3 External linkshttp://git.kernel.org/stable/c/0dd7ddc462b9c2d31eb5a9926a2cc63eaa3e9f52
http://git.kernel.org/stable/c/08d7056e8e250fd2e67dbea5be5fdecdd75bf6b4
http://git.kernel.org/stable/c/26af64d71b6277841285fa40e3f7164a378dfda9
http://git.kernel.org/stable/c/d07098f45be868a9cdce6c616563c36c64dbbd87
http://git.kernel.org/stable/c/c951a3be5e8803e93bb49a0aca0d30457d3c1b67
http://git.kernel.org/stable/c/acff2d182c0768a713cee77442caeb07668bd68f
http://git.kernel.org/stable/c/fb58cd7991747b5e0b110c98c922d7b0e47a1f14
http://git.kernel.org/stable/c/560ee196fe9e5037e5015e2cdb14b3aecb1cd7dc
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.