#VU90391 NULL pointer dereference in Linux kernel - CVE-2021-47515

Cybersecurity Help s.r.o.

Published: 2024-05-31 | Updated: 2025-05-14

Vulnerability identifier: #VU90391

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47515

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the seg6_do_srh_encap() function in net/ipv6/seg6_iptunnel.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: 4.14, 4.14.0, 4.14.0 rc1, 4.14.1, 4.14.2, 4.14.3, 4.14.4, 4.14.5, 4.14.6, 4.14.7, 4.14.8, 4.14.9, 4.14.10, 4.14.11, 4.14.12, 4.14.13, 4.14.14, 4.14.15, 4.14.16, 4.14.17, 4.14.18, 4.14.19, 4.14.20, 4.14.21, 4.14.22, 4.14.23, 4.14.24, 4.14.25, 4.14.26, 4.14.27, 4.14.28, 4.14.29, 4.14.30, 4.14.31, 4.14.32, 4.14.33, 4.14.34, 4.14.35, 4.14.36, 4.14.37, 4.14.38, 4.14.39, 4.14.40, 4.14.41, 4.14.42, 4.14.43, 4.14.44, 4.14.45, 4.14.46, 4.14.47, 4.14.48, 4.14.49, 4.14.50, 4.14.51, 4.14.52, 4.14.53, 4.14.54, 4.14.55, 4.14.56, 4.14.57, 4.14.58, 4.14.59, 4.14.60, 4.14.61, 4.14.62, 4.14.63, 4.14.64, 4.14.65, 4.14.66, 4.14.67, 4.14.68, 4.14.69, 4.14.70, 4.14.71, 4.14.72, 4.14.73, 4.14.74, 4.14.75, 4.14.76, 4.14.77, 4.14.78, 4.14.79, 4.14.80, 4.14.81, 4.14.82, 4.14.83, 4.14.84, 4.14.85, 4.14.86, 4.14.87, 4.14.88, 4.14.89, 4.14.90, 4.14.91, 4.14.92, 4.14.93, 4.14.94, 4.14.95, 4.14.96, 4.14.97, 4.14.98, 4.14.99, 4.14.100, 4.14.101, 4.14.102, 4.14.103, 4.14.104, 4.14.105, 4.14.106, 4.14.107, 4.14.108, 4.14.109, 4.14.110, 4.14.111, 4.14.112, 4.14.113, 4.14.114, 4.14.115, 4.14.116, 4.14.117, 4.14.118, 4.14.119, 4.14.120, 4.14.121, 4.14.122, 4.14.123, 4.14.124, 4.14.125, 4.14.126, 4.14.127, 4.14.128, 4.14.129, 4.14.130, 4.14.131, 4.14.132, 4.14.133, 4.14.134, 4.14.135, 4.14.136, 4.14.137, 4.14.138, 4.14.139, 4.14.140, 4.14.141, 4.14.142, 4.14.143, 4.14.144, 4.14.145, 4.14.146, 4.14.147, 4.14.148, 4.14.149, 4.14.150, 4.14.151, 4.14.152, 4.14.153, 4.14.154, 4.14.155, 4.14.156, 4.14.157, 4.14.158, 4.14.159, 4.14.160, 4.14.161, 4.14.162, 4.14.163, 4.14.164, 4.14.165, 4.14.166, 4.14.167, 4.14.168, 4.14.169, 4.14.170, 4.14.171, 4.14.172, 4.14.173, 4.14.174, 4.14.175, 4.14.176, 4.14.177, 4.14.178, 4.14.179, 4.14.180, 4.14.181, 4.14.182, 4.14.183, 4.14.184, 4.14.185, 4.14.186, 4.14.187, 4.14.188, 4.14.189, 4.14.190, 4.14.191, 4.14.192, 4.14.193, 4.14.194, 4.14.195, 4.14.196, 4.14.197, 4.14.198, 4.14.199, 4.14.200, 4.14.201, 4.14.202, 4.14.203, 4.14.204, 4.14.205, 4.14.206, 4.14.207, 4.14.208, 4.14.209, 4.14.210, 4.14.211, 4.14.212, 4.14.213, 4.14.214, 4.14.215, 4.14.216, 4.14.217, 4.14.218, 4.14.219, 4.14.220, 4.14.221, 4.14.222, 4.14.223, 4.14.224, 4.14.225, 4.14.226, 4.14.227, 4.14.228, 4.14.229, 4.14.230, 4.14.231, 4.14.232, 4.14.233, 4.14.234, 4.14.235, 4.14.236, 4.14.237, 4.14.238, 4.14.239, 4.14.240, 4.14.241, 4.14.242, 4.14.243, 4.14.244, 4.14.245, 4.14.246, 4.14.247, 4.14.248, 4.14.249, 4.14.250, 4.14.251, 4.14.252, 4.14.253, 4.14.254, 4.14.255, 4.14.256, 4.14.257, 4.19, 4.19.1, 4.19.2, 4.19.3, 4.19.4, 4.19.5, 4.19.6, 4.19.7, 4.19.8, 4.19.9, 4.19.10, 4.19.11, 4.19.12, 4.19.13, 4.19.14, 4.19.15, 4.19.16, 4.19.17, 4.19.18, 4.19.19, 4.19.20, 4.19.21, 4.19.22, 4.19.23, 4.19.24, 4.19.25, 4.19.26, 4.19.27, 4.19.28, 4.19.29, 4.19.30, 4.19.31, 4.19.32, 4.19.33, 4.19.34, 4.19.35, 4.19.36, 4.19.37, 4.19.38, 4.19.39, 4.19.40, 4.19.41, 4.19.42, 4.19.43, 4.19.44, 4.19.45, 4.19.46, 4.19.47, 4.19.48, 4.19.49, 4.19.50, 4.19.51, 4.19.52, 4.19.53, 4.19.54, 4.19.55, 4.19.56, 4.19.57, 4.19.58, 4.19.59, 4.19.60, 4.19.61, 4.19.62, 4.19.63, 4.19.64, 4.19.65, 4.19.66, 4.19.67, 4.19.68, 4.19.69, 4.19.70, 4.19.71, 4.19.72, 4.19.73, 4.19.74, 4.19.75, 4.19.76, 4.19.77, 4.19.78, 4.19.79, 4.19.80, 4.19.81, 4.19.82, 4.19.83, 4.19.84, 4.19.85, 4.19.86, 4.19.87, 4.19.88, 4.19.89, 4.19.90, 4.19.91, 4.19.92, 4.19.93, 4.19.94, 4.19.95, 4.19.96, 4.19.97, 4.19.98, 4.19.99, 4.19.100, 4.19.101, 4.19.102, 4.19.103, 4.19.104, 4.19.105, 4.19.106, 4.19.107, 4.19.108, 4.19.109, 4.19.110, 4.19.111, 4.19.112, 4.19.113, 4.19.114, 4.19.115, 4.19.116, 4.19.117, 4.19.118, 4.19.118-2, 4.19.119, 4.19.120, 4.19.121, 4.19.122, 4.19.123, 4.19.124, 4.19.125, 4.19.126, 4.19.127, 4.19.128, 4.19.129, 4.19.130, 4.19.131, 4.19.132, 4.19.133, 4.19.134, 4.19.135, 4.19.136, 4.19.137, 4.19.138, 4.19.139, 4.19.140, 4.19.141, 4.19.142, 4.19.143, 4.19.144, 4.19.145, 4.19.146, 4.19.147, 4.19.148, 4.19.149, 4.19.150, 4.19.151, 4.19.152, 4.19.153, 4.19.154, 4.19.155, 4.19.156, 4.19.157, 4.19.158, 4.19.159, 4.19.160, 4.19.161, 4.19.162, 4.19.163, 4.19.164, 4.19.165, 4.19.166, 4.19.167, 4.19.168, 4.19.169, 4.19.170, 4.19.171, 4.19.172, 4.19.173, 4.19.174, 4.19.175, 4.19.176, 4.19.177, 4.19.178, 4.19.179, 4.19.180, 4.19.181, 4.19.182, 4.19.183, 4.19.184, 4.19.185, 4.19.186, 4.19.187, 4.19.188, 4.19.189, 4.19.190, 4.19.191, 4.19.192, 4.19.193, 4.19.194, 4.19.195, 4.19.196, 4.19.197, 4.19.198, 4.19.199, 4.19.200, 4.19.201, 4.19.202, 4.19.203, 4.19.204, 4.19.205, 4.19.206, 4.19.207, 4.19.208, 4.19.209, 4.19.210, 4.19.211, 4.19.212, 4.19.213, 4.19.214, 4.19.215, 4.19.216, 4.19.217, 4.19.218, 4.19.219, 4.19.220, 5.4, 5.4.0, 5.4.0 rc6, 5.4.1, 5.4.2, 5.4.3, 5.4.4, 5.4.5, 5.4.6, 5.4.7, 5.4.8, 5.4.9, 5.4.10, 5.4.11, 5.4.12, 5.4.13, 5.4.14, 5.4.15, 5.4.16, 5.4.17, 5.4.18, 5.4.19, 5.4.20, 5.4.21, 5.4.22, 5.4.23, 5.4.24, 5.4.25, 5.4.26, 5.4.27, 5.4.28, 5.4.29, 5.4.30, 5.4.31, 5.4.32, 5.4.33, 5.4.34, 5.4.35, 5.4.36, 5.4.37, 5.4.38, 5.4.39, 5.4.40, 5.4.41, 5.4.42, 5.4.43, 5.4.44, 5.4.45, 5.4.46, 5.4.47, 5.4.48, 5.4.49, 5.4.50, 5.4.51, 5.4.52, 5.4.53, 5.4.54, 5.4.55, 5.4.56, 5.4.57, 5.4.58, 5.4.59, 5.4.60, 5.4.61, 5.4.62, 5.4.63, 5.4.64, 5.4.65, 5.4.66, 5.4.67, 5.4.68, 5.4.69, 5.4.70, 5.4.71, 5.4.72, 5.4.73, 5.4.74, 5.4.75, 5.4.76, 5.4.77, 5.4.78, 5.4.79, 5.4.80, 5.4.81, 5.4.82, 5.4.83, 5.4.84, 5.4.85, 5.4.86, 5.4.87, 5.4.88, 5.4.89, 5.4.90, 5.4.91, 5.4.92, 5.4.93, 5.4.94, 5.4.95, 5.4.96, 5.4.97, 5.4.98, 5.4.99, 5.4.100, 5.4.101, 5.4.102, 5.4.103, 5.4.104, 5.4.105, 5.4.106, 5.4.107, 5.4.108, 5.4.109, 5.4.110, 5.4.111, 5.4.112, 5.4.113, 5.4.114, 5.4.115, 5.4.116, 5.4.117, 5.4.118, 5.4.119, 5.4.120, 5.4.121, 5.4.122, 5.4.123, 5.4.124, 5.4.125, 5.4.126, 5.4.127, 5.4.128, 5.4.129, 5.4.130, 5.4.131, 5.4.132, 5.4.133, 5.4.134, 5.4.135, 5.4.136, 5.4.137, 5.4.138, 5.4.139, 5.4.140, 5.4.141, 5.4.142, 5.4.143, 5.4.144, 5.4.145, 5.4.146, 5.4.147, 5.4.148, 5.4.149, 5.4.150, 5.4.151, 5.4.152, 5.4.153, 5.4.154, 5.4.155, 5.4.156, 5.4.157, 5.4.158, 5.4.159, 5.4.160, 5.4.161, 5.4.162, 5.4.163, 5.4.164, 5.10, 5.10 rc1, 5.10 rc2, 5.10 rc3, 5.10 rc4, 5.10 rc5, 5.10 rc7, 5.10.1, 5.10.2, 5.10.3, 5.10.4, 5.10.5, 5.10.6, 5.10.7, 5.10.8, 5.10.9, 5.10.10, 5.10.11, 5.10.12, 5.10.13, 5.10.14, 5.10.15, 5.10.16, 5.10.17, 5.10.18, 5.10.19, 5.10.20, 5.10.21, 5.10.22, 5.10.23, 5.10.24, 5.10.25, 5.10.26, 5.10.27, 5.10.28, 5.10.29, 5.10.30, 5.10.31, 5.10.32, 5.10.33, 5.10.34, 5.10.35, 5.10.36, 5.10.37, 5.10.38, 5.10.39, 5.10.40, 5.10.41, 5.10.42, 5.10.43, 5.10.44, 5.10.45, 5.10.46, 5.10.47, 5.10.48, 5.10.49, 5.10.50, 5.10.51, 5.10.52, 5.10.53, 5.10.54, 5.10.55, 5.10.56, 5.10.57, 5.10.58, 5.10.59, 5.10.60, 5.10.61, 5.10.62, 5.10.63, 5.10.64, 5.10.65, 5.10.66, 5.10.67, 5.10.68, 5.10.69, 5.10.70, 5.10.71, 5.10.72, 5.10.73, 5.10.74, 5.10.75, 5.10.76, 5.10.77, 5.10.78, 5.10.79, 5.10.80, 5.10.81, 5.10.82, 5.10.83, 5.10.84, 5.15, 5.15 rc1, 5.15 rc2, 5.15 rc3, 5.15 rc4, 5.15 rc5, 5.15 rc6, 5.15 rc7, 5.15.0, 5.15.1, 5.15.2, 5.15.3, 5.15.4, 5.15.5, 5.15.6, 5.15.7, 5.16 rc1, 5.16 rc2, 5.16 rc3, 5.16 rc4, 5.16 rc5, 5.16 rc6, 5.16 rc8

External links
https://git.kernel.org/stable/c/b16d412e5f79734033df04e97d7ea2f50a8e9fe3
https://git.kernel.org/stable/c/6431e71093f3da586a00c6d931481ffb0dc2db0e
https://git.kernel.org/stable/c/ef8804e47c0a44ae106ead1740408af5ea6c6ee9
https://git.kernel.org/stable/c/666521b3852d2b2f52d570f9122b1e4b50d96831
https://git.kernel.org/stable/c/98adb2bbfa407c9290bda299d4c6f7a1c4ebd5e1
https://git.kernel.org/stable/c/ae68d93354e5bf5191ee673982251864ea24dd5c
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.258
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.221
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.85
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.8
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.165

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for the Linux Kernel

openEuler 20.03 LTS SP4 update for kernel

SUSE update for the Linux Kernel

NULL pointer dereference in Linux kernel ipv6