#VU90408 NULL pointer dereference in Linux kernel


Published: 2024-05-31

Vulnerability identifier: #VU90408

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47440

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the encx24j600_spi_probe() function in drivers/net/ethernet/microchip/encx24j600.c, within the devm_regmap_init_encx24j600() function in drivers/net/ethernet/microchip/encx24j600-regmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://git.kernel.org/stable/c/66358471fa75a713fd76bc8a4bd74cb14cd50a4f
http://git.kernel.org/stable/c/f043fac1133a6c5ef960a8422c0f6dd711dee462
http://git.kernel.org/stable/c/fddc7f678d7fb93caa0d7bc512f968ff1e2bddbc
http://git.kernel.org/stable/c/5e5494e6fc8a29c927e0478bec4a078a40da8901
http://git.kernel.org/stable/c/4c2eb80fc90b05559ce6ed1b8dfb2348420b5644
http://git.kernel.org/stable/c/e19c10d6e07c59c96e90fe053a72683ad8b0397e
http://git.kernel.org/stable/c/322c0e53496309e634d9db7349678eaad1d25b55
http://git.kernel.org/stable/c/f03dca0c9e2297c84a018e306f8a9cd534ee4287

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


SUSE update for the Linux Kernel
openEuler 20.03 LTS SP4 update for kernel
NULL pointer dereference in Linux kernel ethernet microchip driver