Vulnerabilities > CVE-2021-36147 - NULL Pointer Dereference vulnerability in Linux Acrn

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

linux

CWE-476

NVD

Published: 2021-07-02

Updated: 2024-11-21

Summary

An issue was discovered in ACRN before 2.5. It allows a devicemodel/hw/pci/virtio/virtio_net.c virtio_net_ping_rxq NULL pointer dereference for vq->used.

Vulnerable Configurations

Part	Description	Count
OS	Linux Linux Acrn 0.1 Linux Acrn 0.2 Linux Acrn 0.3 Linux Acrn 0.4 Linux Acrn 0.5 Linux Acrn 0.6 Linux Acrn 0.7 Linux Acrn 0.8 Linux Acrn 1.0 Linux Acrn 1.0.1 Linux Acrn 1.0.2 Linux Acrn 1.1 Linux Acrn 1.2 Linux Acrn 1.3 Linux Acrn 1.4	20

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://github.com/projectacrn/acrn-hypervisor/pull/6121/commits/131116b15b0e35a62085d23686b43ed1c12c1331
https://github.com/projectacrn/acrn-hypervisor/pull/6121/commits/131116b15b0e35a62085d23686b43ed1c12c1331