NULL pointer dereference in Linux kernel cifs



| Updated: 2025-05-13
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2021-47307
CWE-ID CWE-476
Exploitation vector Local
Public exploit N/A
Vulnerable software
 Linux kernel
Operating systems & Components / Operating system

Vendor Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) NULL pointer dereference

EUVDB-ID: #VU91231

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47307

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the cifs_compose_mount_options() function in fs/cifs/cifs_dfs_ref.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: 5.4 - 5.14 rc7

CPE2.3 External links

https://git.kernel.org/stable/c/f7d1fa65e74263d11f90ddd33b4d4cd905a93759
https://git.kernel.org/stable/c/e58c162789becede894d3e94c0ce6695a2ef5796
https://git.kernel.org/stable/c/ae3d181f4e912f51af7776ea165f199b16fc165d
https://git.kernel.org/stable/c/03313d1c3a2f086bb60920607ab79ac8f8578306
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.53
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.5
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.135


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###