NULL pointer dereference in Linux kernel hid driver



Updated: 2025-05-14
Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2021-47522
CWE-ID: CWE-476
Exploitation vector: Local
Public exploit: N/A
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) NULL pointer dereference

EUVDB-ID: #VU90390

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47522

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the bigben_worker() function in drivers/hid/hid-bigbenff.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: 5.4 - 5.16 rc8

External links

https://git.kernel.org/stable/c/8e0ceff632f48175ec7fb4706129c55ca8a7c7bd
https://git.kernel.org/stable/c/6272b17001e6fdcf7b4a16206287010a1523fa6e
https://git.kernel.org/stable/c/58f15f5ae7786c824868f3a7e093859b74669ce7
https://git.kernel.org/stable/c/918aa1ef104d286d16b9e7ef139a463ac7a296f0
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.85
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.8
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.165


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


