NULL pointer dereference in Linux kernel nfs
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2021-47179 |
| CWE-ID | CWE-476 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) NULL pointer dereference
EUVDB-ID: #VU90617
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47179
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the _pnfs_return_layout() function in fs/nfs/pnfs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 4.9 - 5.13 rc5
CPE2.3- cpe:2.3:o:linux_foundation:linux_kernel:4.9:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.5:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.6:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.7:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.8:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/4e1ba532dbc1a0e19fc2458d74ab8d98680c4e42
https://git.kernel.org/stable/c/42637ca25c7d7b5a92804a679af5192e8c1a9f48
https://git.kernel.org/stable/c/39785761feadf261bc5101372b0b0bbaf6a94494
https://git.kernel.org/stable/c/aba3c7795f51717ae316f3566442dee7cc3eeccb
https://git.kernel.org/stable/c/f9890652185b72b8de9ebeb4406037640b6e1b53
https://git.kernel.org/stable/c/b090d110e66636bca473fd8b98d5c97b555a965a
https://git.kernel.org/stable/c/a421d218603ffa822a0b8045055c03eae394a7eb
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.235
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.193
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.271
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.42
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.9
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.124
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
