NULL pointer dereference in Linux kernel tee amdtee driver



Updated: 2025-05-13
Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2021-47601
CWE-ID: CWE-476
Exploitation vector: Local
Public exploit: N/A
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) NULL pointer dereference

EUVDB-ID: #VU92337

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47601

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the copy_ta_binary() function in drivers/tee/amdtee/core.c. A local user can trigger it to perform a denial of service (DoS) attack.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: 5.10 - 5.16 rc8

External links

https://git.kernel.org/stable/c/640e28d618e82be78fb43b4bf5113bc90d6aa442
https://git.kernel.org/stable/c/832f3655c6138c23576ed268e31cc76e0f05f2b1
https://git.kernel.org/stable/c/9d7482771fac8d8e38e763263f2ca0ca12dd22c6
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.88
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.11
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


