CVE-2021-47353: udf: Fix NULL pointer dereference in udf_symlink function
In the Linux kernel, the following vulnerability has been resolved:
udf: Fix NULL pointer dereference in udfsymlink function
In function udfsymlink, epos.bh is assigned with the value returned by udftgetblk. The function udftgetblk is defined in udf/misc.c and returns the value of sbgetblk function that could be NULL. Then, epos.bh is used without any check, causing a possible NULL pointer dereference when sbgetblk fails.
This fix adds a check to validate the value of epos.bh.
Other sources
In the Linux kernel, the following vulnerability has been resolved:
udf: Fix NULL pointer dereference in udfsymlink function
The Linux kernel CVE team has assigned CVE-2021-47353 to this issue.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024052141-CVE-2021-47353-8d3a@gregkh/T
— Red Hat
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of CVE-2021-47353?
CVE-2021-47353 has a medium severity level as it involves a NULL pointer dereference in the Linux kernel.
How do I fix CVE-2021-47353?
To fix CVE-2021-47353, update the Linux kernel to versions 4.4.276, 4.9.276, 4.14.240, 4.19.198, 5.4.133, 5.10.51, 5.12.18, 5.13.3, or 5.14.
What software is affected by CVE-2021-47353?
CVE-2021-47353 affects various Linux kernel versions prior to the mentioned patched versions.
Is CVE-2021-47353 publicly known?
Yes, CVE-2021-47353 is publicly disclosed and information regarding it can be found in security advisories.
What is the potential impact of CVE-2021-47353?
The potential impact of CVE-2021-47353 includes system crashes or denial of service due to unexpected behavior from the NULL pointer dereference.