#VU90496 NULL pointer dereference in Linux kernel


Published: 2024-05-31

Vulnerability identifier: #VU90496

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47337

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the scsi_host_alloc() function in drivers/scsi/hosts.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/d2f0b960d07e52bb664471b4de0ed8b08c636b3a
http://git.kernel.org/stable/c/f3d0a109240c9bed5c60d819014786be3a2fe515
http://git.kernel.org/stable/c/e1bd3fac2baa3d5c04375980c1d5263a3335af92
http://git.kernel.org/stable/c/887bfae2732b5b02a86a859fd239d34f7ff93c05
http://git.kernel.org/stable/c/ea518b70ed5e4598c8d706f37fc16f7b06e440bd
http://git.kernel.org/stable/c/8e4212ecf0713dd57d0e3209a66201da582149b1
http://git.kernel.org/stable/c/c1671d2d2ef8a84837eea1b4d99ca0c6a66fb691
http://git.kernel.org/stable/c/93aa71ad7379900e61c8adff6a710a4c18c7c99b


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
