5.5
MEDIUM
CVE-2021-47418
Linux Kernel net_sched NULL Pointer Dereference Vulnerability
Description

In the Linux kernel, the following vulnerability has been resolved: net_sched: fix NULL deref in fifo_set_limit() syzbot reported another NULL deref in fifo_set_limit() [1] I could repro the issue with : unshare -n tc qd add dev lo root handle 1:0 tbf limit 200000 burst 70000 rate 100Mbit tc qd replace dev lo parent 1:0 pfifo_fast tc qd change dev lo root handle 1:0 tbf limit 300000 burst 70000 rate 100Mbit pfifo_fast does not have a change() operation. Make fifo_set_limit() more robust about this. [1] BUG: kernel NULL pointer dereference, address: 0000000000000000 PGD 1cf99067 P4D 1cf99067 PUD 7ca49067 PMD 0 Oops: 0010 [#1] PREEMPT SMP KASAN CPU: 1 PID: 14443 Comm: syz-executor959 Not tainted 5.15.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:0x0 Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6. RSP: 0018:ffffc9000e2f7310 EFLAGS: 00010246 RAX: dffffc0000000000 RBX: ffffffff8d6ecc00 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffff888024c27910 RDI: ffff888071e34000 RBP: ffff888071e34000 R08: 0000000000000001 R09: ffffffff8fcfb947 R10: 0000000000000001 R11: 0000000000000000 R12: ffff888024c27910 R13: ffff888071e34018 R14: 0000000000000000 R15: ffff88801ef74800 FS: 00007f321d897700(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffffffffffffd6 CR3: 00000000722c3000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: fifo_set_limit net/sched/sch_fifo.c:242 [inline] fifo_set_limit+0x198/0x210 net/sched/sch_fifo.c:227 tbf_change+0x6ec/0x16d0 net/sched/sch_tbf.c:418 qdisc_change net/sched/sch_api.c:1332 [inline] tc_modify_qdisc+0xd9a/0x1a60 net/sched/sch_api.c:1634 rtnetlink_rcv_msg+0x413/0xb80 net/core/rtnetlink.c:5572 netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2504 netlink_unicast_kernel net/netlink/af_netlink.c:1314 [inline] netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1340 netlink_sendmsg+0x86d/0xdb0 net/netlink/af_netlink.c:1929 sock_sendmsg_nosec net/socket.c:704 [inline] sock_sendmsg+0xcf/0x120 net/socket.c:724 ____sys_sendmsg+0x6e8/0x810 net/socket.c:2409 ___sys_sendmsg+0xf3/0x170 net/socket.c:2463 __sys_sendmsg+0xe5/0x1b0 net/socket.c:2492 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae

INFO

Published Date :

May 21, 2024, 3:15 p.m.

Last Modified :

Dec. 31, 2024, 8:03 p.m.

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Remotely Exploitable :

No

Impact Score :

3.6

Exploitability Score :

1.8
Affected Products

The following products are affected by CVE-2021-47418 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel
: Total Affected Vendor : 1 | Products : 1
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2021-47418.

URL Resource
https://git.kernel.org/stable/c/08d7056e8e250fd2e67dbea5be5fdecdd75bf6b4 Patch
https://git.kernel.org/stable/c/0dd7ddc462b9c2d31eb5a9926a2cc63eaa3e9f52 Patch
https://git.kernel.org/stable/c/26af64d71b6277841285fa40e3f7164a378dfda9 Patch
https://git.kernel.org/stable/c/560ee196fe9e5037e5015e2cdb14b3aecb1cd7dc Patch
https://git.kernel.org/stable/c/acff2d182c0768a713cee77442caeb07668bd68f Patch
https://git.kernel.org/stable/c/c951a3be5e8803e93bb49a0aca0d30457d3c1b67 Patch
https://git.kernel.org/stable/c/d07098f45be868a9cdce6c616563c36c64dbbd87 Patch
https://git.kernel.org/stable/c/fb58cd7991747b5e0b110c98c922d7b0e47a1f14 Patch
https://git.kernel.org/stable/c/08d7056e8e250fd2e67dbea5be5fdecdd75bf6b4 Patch
https://git.kernel.org/stable/c/0dd7ddc462b9c2d31eb5a9926a2cc63eaa3e9f52 Patch
https://git.kernel.org/stable/c/26af64d71b6277841285fa40e3f7164a378dfda9 Patch
https://git.kernel.org/stable/c/560ee196fe9e5037e5015e2cdb14b3aecb1cd7dc Patch
https://git.kernel.org/stable/c/acff2d182c0768a713cee77442caeb07668bd68f Patch
https://git.kernel.org/stable/c/c951a3be5e8803e93bb49a0aca0d30457d3c1b67 Patch
https://git.kernel.org/stable/c/d07098f45be868a9cdce6c616563c36c64dbbd87 Patch
https://git.kernel.org/stable/c/fb58cd7991747b5e0b110c98c922d7b0e47a1f14 Patch

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2021-47418 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2021-47418 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Dec. 31, 2024

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    Added CWE NIST CWE-476
    Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 2.6.27 up to (excluding) 4.4.289 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.5 up to (excluding) 4.9.287 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.10 up to (excluding) 4.14.251 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.15 up to (excluding) 4.19.211 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.20 up to (excluding) 5.4.153 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.73 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.14.12 *cpe:2.3:o:linux:linux_kernel:5.15:rc1:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:5.15:rc2:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:5.15:rc3:*:*:*:*:*:* *cpe:2.3:o:linux:linux_kernel:5.15:rc4:*:*:*:*:*:*
    Changed Reference Type https://git.kernel.org/stable/c/08d7056e8e250fd2e67dbea5be5fdecdd75bf6b4 No Types Assigned https://git.kernel.org/stable/c/08d7056e8e250fd2e67dbea5be5fdecdd75bf6b4 Patch
    Changed Reference Type https://git.kernel.org/stable/c/08d7056e8e250fd2e67dbea5be5fdecdd75bf6b4 No Types Assigned https://git.kernel.org/stable/c/08d7056e8e250fd2e67dbea5be5fdecdd75bf6b4 Patch
    Changed Reference Type https://git.kernel.org/stable/c/0dd7ddc462b9c2d31eb5a9926a2cc63eaa3e9f52 No Types Assigned https://git.kernel.org/stable/c/0dd7ddc462b9c2d31eb5a9926a2cc63eaa3e9f52 Patch
    Changed Reference Type https://git.kernel.org/stable/c/0dd7ddc462b9c2d31eb5a9926a2cc63eaa3e9f52 No Types Assigned https://git.kernel.org/stable/c/0dd7ddc462b9c2d31eb5a9926a2cc63eaa3e9f52 Patch
    Changed Reference Type https://git.kernel.org/stable/c/26af64d71b6277841285fa40e3f7164a378dfda9 No Types Assigned https://git.kernel.org/stable/c/26af64d71b6277841285fa40e3f7164a378dfda9 Patch
    Changed Reference Type https://git.kernel.org/stable/c/26af64d71b6277841285fa40e3f7164a378dfda9 No Types Assigned https://git.kernel.org/stable/c/26af64d71b6277841285fa40e3f7164a378dfda9 Patch
    Changed Reference Type https://git.kernel.org/stable/c/560ee196fe9e5037e5015e2cdb14b3aecb1cd7dc No Types Assigned https://git.kernel.org/stable/c/560ee196fe9e5037e5015e2cdb14b3aecb1cd7dc Patch
    Changed Reference Type https://git.kernel.org/stable/c/560ee196fe9e5037e5015e2cdb14b3aecb1cd7dc No Types Assigned https://git.kernel.org/stable/c/560ee196fe9e5037e5015e2cdb14b3aecb1cd7dc Patch
    Changed Reference Type https://git.kernel.org/stable/c/acff2d182c0768a713cee77442caeb07668bd68f No Types Assigned https://git.kernel.org/stable/c/acff2d182c0768a713cee77442caeb07668bd68f Patch
    Changed Reference Type https://git.kernel.org/stable/c/acff2d182c0768a713cee77442caeb07668bd68f No Types Assigned https://git.kernel.org/stable/c/acff2d182c0768a713cee77442caeb07668bd68f Patch
    Changed Reference Type https://git.kernel.org/stable/c/c951a3be5e8803e93bb49a0aca0d30457d3c1b67 No Types Assigned https://git.kernel.org/stable/c/c951a3be5e8803e93bb49a0aca0d30457d3c1b67 Patch
    Changed Reference Type https://git.kernel.org/stable/c/c951a3be5e8803e93bb49a0aca0d30457d3c1b67 No Types Assigned https://git.kernel.org/stable/c/c951a3be5e8803e93bb49a0aca0d30457d3c1b67 Patch
    Changed Reference Type https://git.kernel.org/stable/c/d07098f45be868a9cdce6c616563c36c64dbbd87 No Types Assigned https://git.kernel.org/stable/c/d07098f45be868a9cdce6c616563c36c64dbbd87 Patch
    Changed Reference Type https://git.kernel.org/stable/c/d07098f45be868a9cdce6c616563c36c64dbbd87 No Types Assigned https://git.kernel.org/stable/c/d07098f45be868a9cdce6c616563c36c64dbbd87 Patch
    Changed Reference Type https://git.kernel.org/stable/c/fb58cd7991747b5e0b110c98c922d7b0e47a1f14 No Types Assigned https://git.kernel.org/stable/c/fb58cd7991747b5e0b110c98c922d7b0e47a1f14 Patch
    Changed Reference Type https://git.kernel.org/stable/c/fb58cd7991747b5e0b110c98c922d7b0e47a1f14 No Types Assigned https://git.kernel.org/stable/c/fb58cd7991747b5e0b110c98c922d7b0e47a1f14 Patch
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference https://git.kernel.org/stable/c/08d7056e8e250fd2e67dbea5be5fdecdd75bf6b4
    Added Reference https://git.kernel.org/stable/c/0dd7ddc462b9c2d31eb5a9926a2cc63eaa3e9f52
    Added Reference https://git.kernel.org/stable/c/26af64d71b6277841285fa40e3f7164a378dfda9
    Added Reference https://git.kernel.org/stable/c/560ee196fe9e5037e5015e2cdb14b3aecb1cd7dc
    Added Reference https://git.kernel.org/stable/c/acff2d182c0768a713cee77442caeb07668bd68f
    Added Reference https://git.kernel.org/stable/c/c951a3be5e8803e93bb49a0aca0d30457d3c1b67
    Added Reference https://git.kernel.org/stable/c/d07098f45be868a9cdce6c616563c36c64dbbd87
    Added Reference https://git.kernel.org/stable/c/fb58cd7991747b5e0b110c98c922d7b0e47a1f14
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 28, 2024

    Action Type Old Value New Value
  • CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 21, 2024

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: net_sched: fix NULL deref in fifo_set_limit() syzbot reported another NULL deref in fifo_set_limit() [1] I could repro the issue with : unshare -n tc qd add dev lo root handle 1:0 tbf limit 200000 burst 70000 rate 100Mbit tc qd replace dev lo parent 1:0 pfifo_fast tc qd change dev lo root handle 1:0 tbf limit 300000 burst 70000 rate 100Mbit pfifo_fast does not have a change() operation. Make fifo_set_limit() more robust about this. [1] BUG: kernel NULL pointer dereference, address: 0000000000000000 PGD 1cf99067 P4D 1cf99067 PUD 7ca49067 PMD 0 Oops: 0010 [#1] PREEMPT SMP KASAN CPU: 1 PID: 14443 Comm: syz-executor959 Not tainted 5.15.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:0x0 Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6. RSP: 0018:ffffc9000e2f7310 EFLAGS: 00010246 RAX: dffffc0000000000 RBX: ffffffff8d6ecc00 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffff888024c27910 RDI: ffff888071e34000 RBP: ffff888071e34000 R08: 0000000000000001 R09: ffffffff8fcfb947 R10: 0000000000000001 R11: 0000000000000000 R12: ffff888024c27910 R13: ffff888071e34018 R14: 0000000000000000 R15: ffff88801ef74800 FS: 00007f321d897700(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffffffffffffd6 CR3: 00000000722c3000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: fifo_set_limit net/sched/sch_fifo.c:242 [inline] fifo_set_limit+0x198/0x210 net/sched/sch_fifo.c:227 tbf_change+0x6ec/0x16d0 net/sched/sch_tbf.c:418 qdisc_change net/sched/sch_api.c:1332 [inline] tc_modify_qdisc+0xd9a/0x1a60 net/sched/sch_api.c:1634 rtnetlink_rcv_msg+0x413/0xb80 net/core/rtnetlink.c:5572 netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2504 netlink_unicast_kernel net/netlink/af_netlink.c:1314 [inline] netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1340 netlink_sendmsg+0x86d/0xdb0 net/netlink/af_netlink.c:1929 sock_sendmsg_nosec net/socket.c:704 [inline] sock_sendmsg+0xcf/0x120 net/socket.c:724 ____sys_sendmsg+0x6e8/0x810 net/socket.c:2409 ___sys_sendmsg+0xf3/0x170 net/socket.c:2463 __sys_sendmsg+0xe5/0x1b0 net/socket.c:2492 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae
    Added Reference kernel.org https://git.kernel.org/stable/c/0dd7ddc462b9c2d31eb5a9926a2cc63eaa3e9f52 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/08d7056e8e250fd2e67dbea5be5fdecdd75bf6b4 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/26af64d71b6277841285fa40e3f7164a378dfda9 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/d07098f45be868a9cdce6c616563c36c64dbbd87 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/c951a3be5e8803e93bb49a0aca0d30457d3c1b67 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/acff2d182c0768a713cee77442caeb07668bd68f [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/fb58cd7991747b5e0b110c98c922d7b0e47a1f14 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/560ee196fe9e5037e5015e2cdb14b3aecb1cd7dc [No types assigned]
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2021-47418 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2021-47418 weaknesses.

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
:
© cvefeed.io
Latest DB Update: May. 15, 2025 1:05