NULL pointer dereference in Linux kernel

#VU90462 NULL pointer dereference in Linux kernel

Cybersecurity Help s.r.o.

Published: 2024-05-31

Vulnerability identifier: #VU90462

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47220

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dwc3_remove() function in drivers/usb/dwc3/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://git.kernel.org/stable/c/ff4c63f3e8cb7af2ce51cc56b031e08fd23c758b
http://git.kernel.org/stable/c/58b5e02c6ca0e2b7c87cd8023ff786ef3c0eef74
http://git.kernel.org/stable/c/7f9745ab342bcce5efd5d4d2297d0a3dd9db0eac
http://git.kernel.org/stable/c/fd7c4bd582494934be15d41aebe0dbe23790605f
http://git.kernel.org/stable/c/174c27583b3807ac96228c442735b02622d8d1c3
http://git.kernel.org/stable/c/fa8c413e6b74ae5d12daf911c73238c5bdacd8e6
http://git.kernel.org/stable/c/4bf584a03eec674975ee9fe36c8583d9d470dab1

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for the Linux Kernel

NULL pointer dereference in Linux kernel usb dwc3 driver