NULL pointer dereference in Linux kernel ethernet fujitsu driver



Published: 2024-05-31
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2021-47149
CWE-ID CWE-476
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe 		Linux kernel
Operating systems & Components / Operating system

Vendor Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) NULL pointer dereference

EUVDB-ID: #VU90620

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47149

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the fmvj18x_get_hwinfo() function in drivers/net/ethernet/fujitsu/fmvj18x_cs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links

http://git.kernel.org/stable/c/b92170e209f7746ed72eaac98f2c2f4b9af734e6
http://git.kernel.org/stable/c/6dbf1101594f7c76990b63c35b5a40205a914b6b
http://git.kernel.org/stable/c/c4f1c23edbe921ab2ecd6140d700e756cd44c5f7
http://git.kernel.org/stable/c/7883d3895d0fbb0ba9bff0f8665f99974b45210f
http://git.kernel.org/stable/c/22049c3d40f08facd1867548716a484dad6b3251
http://git.kernel.org/stable/c/71723a796ab7881f491d663c6cd94b29be5fba50
http://git.kernel.org/stable/c/f14bf57a08779a5dee9936f63ada0149ea89c5e6
http://git.kernel.org/stable/c/52202be1cd996cde6e8969a128dc27ee45a7cb5e


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###