NULL pointer dereference in Linux kernel block



| Updated: 2025-05-14
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2021-47552
CWE-ID CWE-476
Exploitation vector Local
Public exploit N/A
Vulnerable software
 Linux kernel
Operating systems & Components / Operating system

Vendor Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) NULL pointer dereference

EUVDB-ID: #VU90397

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47552

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the disk_release() function in block/genhd.c, within the blk_release_queue() function in block/blk-sysfs.c, within the blk_mq_rq_cpu() function in block/blk-mq.c, within the blk_cleanup_queue() function in block/blk-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: 5.15 - 5.16 rc8

CPE2.3 External links

https://git.kernel.org/stable/c/e03513f58919d9e2bc6df765ca2c9da863d03d90
https://git.kernel.org/stable/c/2a19b28f7929866e1cec92a3619f4de9f2d20005
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.6
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###