Vulnerabilities > CVE-2021-38208 - NULL Pointer Dereference vulnerability in Linux Kernel
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- http://www.openwall.com/lists/oss-security/2021/08/17/1
- http://www.openwall.com/lists/oss-security/2021/08/17/1
- http://www.openwall.com/lists/oss-security/2021/08/17/2
- http://www.openwall.com/lists/oss-security/2021/08/17/2
- http://www.openwall.com/lists/oss-security/2021/08/24/2
- http://www.openwall.com/lists/oss-security/2021/08/24/2
- https://bugzilla.redhat.com/show_bug.cgi?id=1992810
- https://bugzilla.redhat.com/show_bug.cgi?id=1992810
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.10
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.10
- https://github.com/torvalds/linux/commit/4ac06a1e013cf5fdd963317ffd3b968560f33bba
- https://github.com/torvalds/linux/commit/4ac06a1e013cf5fdd963317ffd3b968560f33bba