#VU90617 NULL pointer dereference in Linux kernel - CVE-2021-47179

Vulnerability identifier: #VU90617

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47179

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the _pnfs_return_layout() function in fs/nfs/pnfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/4e1ba532dbc1a0e19fc2458d74ab8d98680c4e42
https://git.kernel.org/stable/c/42637ca25c7d7b5a92804a679af5192e8c1a9f48
https://git.kernel.org/stable/c/39785761feadf261bc5101372b0b0bbaf6a94494
https://git.kernel.org/stable/c/aba3c7795f51717ae316f3566442dee7cc3eeccb
https://git.kernel.org/stable/c/f9890652185b72b8de9ebeb4406037640b6e1b53
https://git.kernel.org/stable/c/b090d110e66636bca473fd8b98d5c97b555a965a
https://git.kernel.org/stable/c/a421d218603ffa822a0b8045055c03eae394a7eb

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.