#VU90620 NULL pointer dereference in Linux kernel - CVE-2021-47149

Vulnerability identifier: #VU90620

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47149

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the fmvj18x_get_hwinfo() function in drivers/net/ethernet/fujitsu/fmvj18x_cs.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/b92170e209f7746ed72eaac98f2c2f4b9af734e6
https://git.kernel.org/stable/c/6dbf1101594f7c76990b63c35b5a40205a914b6b
https://git.kernel.org/stable/c/c4f1c23edbe921ab2ecd6140d700e756cd44c5f7
https://git.kernel.org/stable/c/7883d3895d0fbb0ba9bff0f8665f99974b45210f
https://git.kernel.org/stable/c/22049c3d40f08facd1867548716a484dad6b3251
https://git.kernel.org/stable/c/71723a796ab7881f491d663c6cd94b29be5fba50
https://git.kernel.org/stable/c/f14bf57a08779a5dee9936f63ada0149ea89c5e6
https://git.kernel.org/stable/c/52202be1cd996cde6e8969a128dc27ee45a7cb5e

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.