CVE-2021-47218 : In the Linux kernel, the following vulnerability has been resolved: selinux: fi

In the Linux kernel, the following vulnerability has been resolved: selinux: fix NULL-pointer dereference when hashtab allocation fails When the hash table slot array allocation fails in hashtab_init(), h->size is left initialized with a non-zero value, but the h->htable pointer is NULL. This may then cause a NULL pointer dereference, since the policydb code relies on the assumption that even after a failed hashtab_init(), hashtab_map() and hashtab_destroy() can be safely called on it. Yet, these detect an empty hashtab only by looking at the size. Fix this by making sure that hashtab_init() always leaves behind a valid empty hashtab when the allocation fails.

Published 2024-04-10 19:15:49

Updated 2025-01-14 14:44:56

Source Linux

View at NVD, CVE.org

Vulnerability category: Memory Corruption

Products affected by CVE-2021-47218

Linux » Linux Kernel
Versions from including (>=) 5.11 and before (<) 5.15.5
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.8 and before (<) 5.10.82
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.16 Update RC1
cpe:2.3:o:linux:linux_kernel:5.16:rc1:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.16 Update RC2
cpe:2.3:o:linux:linux_kernel:5.16:rc2:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2021-47218

EPSS FAQ

0.06%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 16 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-47218

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	1.8	3.6	NIST	2025-01-14
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2021-47218

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2021-47218

https://git.kernel.org/stable/c/b17dd53cac769dd13031b0ca34f90cc65e523fab

selinux: fix NULL-pointer dereference when hashtab allocation fails - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/dc27f3c5d10c58069672215787a96b4fae01818b

selinux: fix NULL-pointer dereference when hashtab allocation fails - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/83c8ab8503adf56bf68dafc7a382f4946c87da79

selinux: fix NULL-pointer dereference when hashtab allocation fails - kernel/git/stable/linux.git - Linux kernel stable tree
Patch

Jump to

Vulnerability Details : CVE-2021-47218

Products affected by CVE-2021-47218

Exploit prediction scoring system (EPSS) score for CVE-2021-47218

CVSS scores for CVE-2021-47218

CWE ids for CVE-2021-47218

References for CVE-2021-47218