NULL pointer dereference in Linux kernel nfc
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2021-47518 |
| CWE-ID | CWE-476 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) NULL pointer dereference
EUVDB-ID: #VU90531
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47518
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nfc_genl_dump_ses_done() function in net/nfc/netlink.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 4.4 - 5.16 rc8
CPE2.3- cpe:2.3:o:linux_foundation:linux_kernel:4.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.0-57:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.5:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.6:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.7:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/87cdb8789c38e44ae5454aafe277997c950d00ed
https://git.kernel.org/stable/c/69bb79a8f5bb9f436b6f1434ca9742591b7bbe18
https://git.kernel.org/stable/c/811a7576747760bcaf60502f096d1e6e91d566fa
https://git.kernel.org/stable/c/3b861a40325eac9c4c13b6c53874ad90617e944d
https://git.kernel.org/stable/c/48fcd08fdbe05e35b650a252ec2a2d96057a1c7a
https://git.kernel.org/stable/c/83ea620a1be840bf05089a5061fb8323ca42f38c
https://git.kernel.org/stable/c/fae9705d281091254d4a81fa2da9d22346097dca
https://git.kernel.org/stable/c/4cd8371a234d051f9c9557fcbb1f8c523b1c0d10
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.258
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.221
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.295
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.293
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.85
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.8
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.165
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
