NULL pointer dereference in Linux kernel usb dwc3 driver
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2021-47269 |
| CWE-ID | CWE-476 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) NULL pointer dereference
EUVDB-ID: #VU90477
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47269
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dwc3_wIndex_to_dep() function in drivers/usb/dwc3/ep0.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 4.4 - 5.13 rc5
CPE2.3- cpe:2.3:o:linux_foundation:linux_kernel:4.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.0-57:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.5:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.6:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.7:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/96b74a99d360235c24052f1d060e64ac53f43528
https://git.kernel.org/stable/c/60156089f07e724e4dc8483702d5e1ede4522749
https://git.kernel.org/stable/c/990dc90750772622d44ca2ea6652c521e6f67e16
https://git.kernel.org/stable/c/bd551e7c85939de2182010273450bfa78c3742fc
https://git.kernel.org/stable/c/366369b89bedd59b1425386e8d4a18a466e420e4
https://git.kernel.org/stable/c/470403639114895e2697c766fbe17be8d0e9b67a
https://git.kernel.org/stable/c/788755756dd4a6aba1de479fec20b0fa600e7f19
https://git.kernel.org/stable/c/d00889080ab60051627dab1d85831cd9db750e2a
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.237
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.195
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.273
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.273
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.44
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.11
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.126
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
