#VU90501 NULL pointer dereference in Linux kernel - CVE-2021-47384
Vulnerability identifier: #VU90501
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-476
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the TEMP_TO_REG() and w83793_detect_subclients() functions in drivers/hwmon/w83793.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/6cb01fe630eaffc5a2c3f7364436caddba286623
https://git.kernel.org/stable/c/7c4fd5de39f273626a2b0f3a446d2cc85cd47616
https://git.kernel.org/stable/c/746011193f44f97f8784edcf8327c587946745fc
https://git.kernel.org/stable/c/dd4d747ef05addab887dc8ff0d6ab9860bbcd783
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
