#VU90500 NULL pointer dereference in Linux kernel


Published: 2024-05-31

Vulnerability identifier: #VU90500

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47353

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the udf_symlink() function in fs/udf/namei.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://git.kernel.org/stable/c/2f3d9ddd32a28803baa547e6274983b67d5e287c
http://git.kernel.org/stable/c/371566f63cbd0bb6fbb25b8fe9d5798268d35af9
http://git.kernel.org/stable/c/baea588a42d675e35daeaddd10fbc9700550bc4d
http://git.kernel.org/stable/c/3638705ecd5ad2785e996f820121c0ad15ce64b5
http://git.kernel.org/stable/c/80d505aee6398cf8beb72475c7edcf1733c1c68b
http://git.kernel.org/stable/c/21bf1414580c36ffc8d8de043beb3508cf812238
http://git.kernel.org/stable/c/aebed6b19e51a34003d998da5ebb1dfdd2cb1d02
http://git.kernel.org/stable/c/5150877e4d99f85057a458daac7cd7c01005d5c6
http://git.kernel.org/stable/c/fa236c2b2d4436d9f19ee4e5d5924e90ffd7bb43

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


openEuler 20.03 LTS SP4 update for kernel
NULL pointer dereference in Linux kernel udf