PRIOn Logo

CVE-2021-47518 Null pointer dereference

Routine
Remediate Within 6 Months

CVE Information

Original CVE data

Published:
Updated:

In the Linux kernel, the following vulnerability has been resolved: nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done The done() netlink callback nfc_genl_dump_ses_done() should check if received argument is non-NULL, because its allocation could fail earlier in dumpit() (nfc_genl_dump_ses()).

CWE: CWE-476
CVSS v2-
CVSS v35.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References
https://git.kernel.org/stable/c/87cdb8789c38e44ae5454aafe277997c950d00ed
https://git.kernel.org/stable/c/69bb79a8f5bb9f436b6f1434ca9742591b7bbe18
https://git.kernel.org/stable/c/811a7576747760bcaf60502f096d1e6e91d566fa
https://git.kernel.org/stable/c/3b861a40325eac9c4c13b6c53874ad90617e944d
https://git.kernel.org/stable/c/48fcd08fdbe05e35b650a252ec2a2d96057a1c7a
https://git.kernel.org/stable/c/83ea620a1be840bf05089a5061fb8323ca42f38c
https://git.kernel.org/stable/c/fae9705d281091254d4a81fa2da9d22346097dca
https://git.kernel.org/stable/c/4cd8371a234d051f9c9557fcbb1f8c523b1c0d10
Affected Vendors

Linux - (1)

Basic Analysis

Common vulnerability metrics

Vulnerabilty type as detected by PRIOnengine

Null pointer dereference

CVSS Scores as calculated by PRIOnengine
CVSS v22.1
AV:L/AC:L/AU:N/C:N/I:N/A:P
CVSS v35.5
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
MITRE CWE Top 25

Vulnerability weakness type is in the top 25 CWEs according to MITRE. View Mitre Top 25 CWEs

Exploits

No exploit code is reported to exist.

Active Exploitation

Vulnerability is not in CISA's Known Exploited Vulnerabilities (KEV) catalog. See the KEV Catalog

Social Network Activity

-

Threat Actor Activity

No sightings of the vulnerability within threat reports.

Cybersecurity Frameworks

How the vulnerability maps against various cybersecurity frameworks

-

Compliance Impact

How the submited vulnerability affects compliance

PCI DSS v3.2.1-6.5.2 - Buffer Overflows

Web Application Security Frameworks

Applicable if the issue likely affects a web application

-