PRIOn Logo

CVE-2021-47186 Null pointer dereference

Routine
Remediate Within 6 Months

CVE Information

Original CVE data

Published:
Updated:

In the Linux kernel, the following vulnerability has been resolved: tipc: check for null after calling kmemdup kmemdup can return a null pointer so need to check for it, otherwise the null key will be dereferenced later in tipc_crypto_key_xmit as can be seen in the trace [1]. [1] https://syzkaller.appspot.com/bug?id=bca180abb29567b189efdbdb34cbf7ba851c2a58

CWE:
CVSS v2-
CVSS v3-
References
https://git.kernel.org/stable/c/a7d91625863d4ffed63b993b5e6dc1298b6430c9
https://git.kernel.org/stable/c/9404c4145542c23019a80ab1bb2ecf73cd057b10
https://git.kernel.org/stable/c/3e6db079751afd527bf3db32314ae938dc571916
Affected Vendors

Basic Analysis

Common vulnerability metrics

Vulnerabilty type as detected by PRIOnengine

Null pointer dereference

CVSS Scores as calculated by PRIOnengine
CVSS v24.9
AV:L/AC:L/AU:N/C:N/I:N/A:C
CVSS v37.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
MITRE CWE Top 25

-

Exploits

No exploit code is reported to exist.

Active Exploitation

Vulnerability is not in CISA's Known Exploited Vulnerabilities (KEV) catalog. See the KEV Catalog

Social Network Activity

-

Threat Actor Activity

No sightings of the vulnerability within threat reports.

Cybersecurity Frameworks

How the vulnerability maps against various cybersecurity frameworks

-

Compliance Impact

How the submited vulnerability affects compliance

PCI DSS v3.2.1-6.5.2 - Buffer Overflows

Web Application Security Frameworks

Applicable if the issue likely affects a web application

WASC-28 - Null Byte Injection