Vulnerability identifier: #VU91230

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47260

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nfs_get_client() function in fs/nfs/client.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
http://git.kernel.org/stable/c/fab8bfdfb4aac9e4e8363666333adfdf21e89106
http://git.kernel.org/stable/c/a979e601000982a3ca693171a6d4dffc47f8ad00
http://git.kernel.org/stable/c/634f17ff1d59905eb3b4bbbc00805961d08beaee
http://git.kernel.org/stable/c/4b380a7d84ef2ce3f4f5bec5d8706ed937ac6502
http://git.kernel.org/stable/c/0057ecef9f324007c0ba5fcca4ddd131178ce78b
http://git.kernel.org/stable/c/279ad78a00f8b9c5ff24171a59297187a3bd44b7
http://git.kernel.org/stable/c/58ddf61f10b8f9b7b1341644bfee2f1c6508d4e1
http://git.kernel.org/stable/c/09226e8303beeec10f2ff844d2e46d1371dc58e0

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.