Vulnerability identifier: #VU90405
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID: CWE-476
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the start_io_acct() and dec_pending() functions in drivers/md/dm.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/9fb7cd5c7fef0f1c982e3cd27745a0dec260eaed
https://git.kernel.org/stable/c/d35aef9c60d310eff3eaddacce301efe877e2b7c
https://git.kernel.org/stable/c/9e07272cca2ed76f7f6073f4444b1143828c8d87
https://git.kernel.org/stable/c/ad1393b92e5059218d055bfec8f4946d85ad04c4
https://git.kernel.org/stable/c/d29c78d3f9c5d2604548c1065bf1ec212728ea61
https://git.kernel.org/stable/c/6e506f07c5b561d673dd0b0d8f7f420cc48024fb
https://git.kernel.org/stable/c/d208b89401e073de986dc891037c5a668f5d5d95
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.