NULL pointer dereference in Linux kernel arm mach-davinci
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2021-47631 |
| CWE-ID | CWE-476 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) NULL pointer dereference
EUVDB-ID: #VU104649
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47631
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the da850_evm_config_emac() function in arch/arm/mach-davinci/board-da850-evm.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 4.19 - 4.19.238
CPE2.3- cpe:2.3:o:linux_foundation:linux_kernel:4.19:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.5:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.6:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.7:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.8:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.9:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/0940795c6834fbe7705acc5c3d4b2f7a5f67527a
https://git.kernel.org/stable/c/0a312ec66a03133d28570f07bc52749ccfef54da
https://git.kernel.org/stable/c/83a1cde5c74bfb44b49cb2a940d044bb2380f4ea
https://git.kernel.org/stable/c/89931d4762572aaee6edbe5673d41f8082de110f
https://git.kernel.org/stable/c/a12b356d45cbb6e8a1b718d1436b3d6239a862f3
https://git.kernel.org/stable/c/c06f476e5b74bcabb8c4a2fba55864a37e62843b
https://git.kernel.org/stable/c/c5628533a3ece64235d04fe11ec44d2be99e423d
https://git.kernel.org/stable/c/c64e2ed5cc376e137e572babfd2edc38b2cfb61b
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.239
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
