NULL pointer dereference in Linux kernel qlogic qlcnic driver
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2021-47542 |
| CWE-ID | CWE-476 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) NULL pointer dereference
EUVDB-ID: #VU90396
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47542
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qlcnic_83xx_add_rings() function in drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_hw.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 4.4 - 5.16 rc8
CPE2.3- cpe:2.3:o:linux_foundation:linux_kernel:4.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.0-57:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.5:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.6:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.7:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/3a061d54e260b701b538873b43e399d9b8b83e03
https://git.kernel.org/stable/c/b4f217d6fcc00c3fdc0921a7691f30be7490b073
https://git.kernel.org/stable/c/550658a2d61e4eaf522c8ebc7fad76dc376bfb45
https://git.kernel.org/stable/c/57af54a56024435d83e44c78449513b414eb6edf
https://git.kernel.org/stable/c/bbeb0325a7460ebf1e03f5e0bfc5c652fba9519f
https://git.kernel.org/stable/c/15fa12c119f869173f9b710cbe6a4a14071d2105
https://git.kernel.org/stable/c/c5ef33c1489b2cd74368057fa00b5d2183bb5853
https://git.kernel.org/stable/c/e2dabc4f7e7b60299c20a36d6a7b24ed9bf8e572
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.257
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.220
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.294
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.292
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.84
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.7
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.164
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
