#VU90505 NULL pointer dereference in Linux kernel


Vulnerability identifier: #VU90505

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47418

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the fifo_set_limit() function in net/sched/sch_fifo.c. A local user can trigger it to cause a denial of service (DoS).

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
http://git.kernel.org/stable/c/0dd7ddc462b9c2d31eb5a9926a2cc63eaa3e9f52
http://git.kernel.org/stable/c/08d7056e8e250fd2e67dbea5be5fdecdd75bf6b4
http://git.kernel.org/stable/c/26af64d71b6277841285fa40e3f7164a378dfda9
http://git.kernel.org/stable/c/d07098f45be868a9cdce6c616563c36c64dbbd87
http://git.kernel.org/stable/c/c951a3be5e8803e93bb49a0aca0d30457d3c1b67
http://git.kernel.org/stable/c/acff2d182c0768a713cee77442caeb07668bd68f
http://git.kernel.org/stable/c/fb58cd7991747b5e0b110c98c922d7b0e47a1f14
http://git.kernel.org/stable/c/560ee196fe9e5037e5015e2cdb14b3aecb1cd7dc


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

