{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-47385", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-21T14:58:30.813Z", "datePublished": "2024-05-21T15:03:45.615Z", "dateUpdated": "2025-06-19T12:56:05.177Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-06-19T12:56:05.177Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field\n\nIf driver read val value sufficient for\n(val & 0x08) && (!(val & 0x80)) && ((val & 0x7) == ((val >> 4) & 0x7))\nfrom device then Null pointer dereference occurs.\n(It is possible if tmp = 0b0xyz1xyz, where same literals mean same numbers)\nAlso lm75[] does not serve a purpose anymore after switching to\ndevm_i2c_new_dummy_device() in w83791d_detect_subclients().\n\nThe patch fixes possible NULL pointer dereference by removing lm75[].\n\nFound by Linux Driver Verification project (linuxtesting.org).\n\n[groeck: Dropped unnecessary continuation lines, fixed multipline alignment]"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/hwmon/w83792d.c"], "versions": [{"version": "f64211151db4269341ee6432ce832ae3756725ad", "lessThan": "200ced5ba724d8bbf29dfac4ed1e17a39ccaccd1", "status": "affected", "versionType": "git"}, {"version": "f64211151db4269341ee6432ce832ae3756725ad", "lessThan": "1499bb2c3a87a2efea0065adab2bd66badee61c3", "status": "affected", "versionType": "git"}, {"version": "f64211151db4269341ee6432ce832ae3756725ad", "lessThan": "24af1fe376e22c42238a4a604d31e46c486876c3", "status": "affected", "versionType": "git"}, {"version": "f64211151db4269341ee6432ce832ae3756725ad", "lessThan": "0f36b88173f028e372668ae040ab1a496834d278", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/hwmon/w83792d.c"], "versions": [{"version": "5.4", "status": "affected"}, {"version": "0", "lessThan": "5.4", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.151", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.71", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.14.10", "lessThanOrEqual": "5.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4", "versionEndExcluding": "5.4.151"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4", "versionEndExcluding": "5.10.71"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4", "versionEndExcluding": "5.14.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4", "versionEndExcluding": "5.15"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/200ced5ba724d8bbf29dfac4ed1e17a39ccaccd1"}, {"url": "https://git.kernel.org/stable/c/1499bb2c3a87a2efea0065adab2bd66badee61c3"}, {"url": "https://git.kernel.org/stable/c/24af1fe376e22c42238a4a604d31e46c486876c3"}, {"url": "https://git.kernel.org/stable/c/0f36b88173f028e372668ae040ab1a496834d278"}], "title": "hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47385", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-21T18:21:21.066599Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:13:54.726Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:39:59.690Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/200ced5ba724d8bbf29dfac4ed1e17a39ccaccd1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1499bb2c3a87a2efea0065adab2bd66badee61c3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/24af1fe376e22c42238a4a604d31e46c486876c3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0f36b88173f028e372668ae040ab1a496834d278", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/200ced5ba724d8bbf29dfac4ed1e17a39ccaccd1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1499bb2c3a87a2efea0065adab2bd66badee61c3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/24af1fe376e22c42238a4a604d31e46c486876c3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/0f36b88173f028e372668ae040ab1a496834d278", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:39:59.690Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47385", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-21T18:21:21.066599Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:25.416Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "f64211151db4269341ee6432ce832ae3756725ad", "lessThan": "200ced5ba724d8bbf29dfac4ed1e17a39ccaccd1", "versionType": "git"}, {"status": "affected", "version": "f64211151db4269341ee6432ce832ae3756725ad", "lessThan": "1499bb2c3a87a2efea0065adab2bd66badee61c3", "versionType": "git"}, {"status": "affected", "version": "f64211151db4269341ee6432ce832ae3756725ad", "lessThan": "24af1fe376e22c42238a4a604d31e46c486876c3", "versionType": "git"}, {"status": "affected", "version": "f64211151db4269341ee6432ce832ae3756725ad", "lessThan": "0f36b88173f028e372668ae040ab1a496834d278", "versionType": "git"}], "programFiles": ["drivers/hwmon/w83792d.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.4"}, {"status": "unaffected", "version": "0", "lessThan": "5.4", "versionType": "semver"}, {"status": "unaffected", "version": "5.4.151", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.71", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.14.10", "versionType": "semver", "lessThanOrEqual": "5.14.*"}, {"status": "unaffected", "version": "5.15", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/hwmon/w83792d.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/200ced5ba724d8bbf29dfac4ed1e17a39ccaccd1"}, {"url": "https://git.kernel.org/stable/c/1499bb2c3a87a2efea0065adab2bd66badee61c3"}, {"url": "https://git.kernel.org/stable/c/24af1fe376e22c42238a4a604d31e46c486876c3"}, {"url": "https://git.kernel.org/stable/c/0f36b88173f028e372668ae040ab1a496834d278"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field\n\nIf driver read val value sufficient for\n(val & 0x08) && (!(val & 0x80)) && ((val & 0x7) == ((val >> 4) & 0x7))\nfrom device then Null pointer dereference occurs.\n(It is possible if tmp = 0b0xyz1xyz, where same literals mean same numbers)\nAlso lm75[] does not serve a purpose anymore after switching to\ndevm_i2c_new_dummy_device() in w83791d_detect_subclients().\n\nThe patch fixes possible NULL pointer dereference by removing lm75[].\n\nFound by Linux Driver Verification project (linuxtesting.org).\n\n[groeck: Dropped unnecessary continuation lines, fixed multipline alignment]"}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.4.151", "versionStartIncluding": "5.4"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.10.71", "versionStartIncluding": "5.4"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.14.10", "versionStartIncluding": "5.4"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.15", "versionStartIncluding": "5.4"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-06-19T12:56:05.177Z"}}}, "cveMetadata": {"cveId": "CVE-2021-47385", "state": "PUBLISHED", "dateUpdated": "2025-06-19T12:56:05.177Z", "dateReserved": "2024-05-21T14:58:30.813Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-21T15:03:45.615Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6CFAD632-B57F-4EA1-ADE8-DB60D79DF4BD", "versionEndExcluding": "5.4.151", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "60C740E4-6C54-40CD-A914-2232D8FC781D", "versionEndExcluding": "5.10.71", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A437B0D-8305-4C72-B691-D26986A126CF", "versionEndExcluding": "5.14.10", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.15:rc1:*:*:*:*:*:*", "matchCriteriaId": "E46C74C6-B76B-4C94-A6A4-FD2FFF62D644", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.15:rc2:*:*:*:*:*:*", "matchCriteriaId": "60134C3A-06E4-48C1-B04F-2903732A4E56", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.15:rc3:*:*:*:*:*:*", "matchCriteriaId": "0460DA88-8FE1-46A2-9DDA-1F1ABA552E71", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field\n\nIf driver read val value sufficient for\n(val & 0x08) && (!(val & 0x80)) && ((val & 0x7) == ((val >> 4) & 0x7))\nfrom device then Null pointer dereference occurs.\n(It is possible if tmp = 0b0xyz1xyz, where same literals mean same numbers)\nAlso lm75[] does not serve a purpose anymore after switching to\ndevm_i2c_new_dummy_device() in w83791d_detect_subclients().\n\nThe patch fixes possible NULL pointer dereference by removing lm75[].\n\nFound by Linux Driver Verification project (linuxtesting.org).\n\n[groeck: Dropped unnecessary continuation lines, fixed multipline alignment]"}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: hwmon: (w83792d) Corrija la desreferencia del puntero NULL eliminando el campo de estructura innecesario. Si el controlador lee el valor val suficiente para (val & 0x08) && (!(val & 0x80)) && (( val & 0x7) == ((val >> 4) & 0x7)) desde el dispositivo, luego se produce la desreferencia del puntero null. (Es posible si tmp = 0b0xyz1xyz, donde los mismos literales significan los mismos n\u00fameros) Adem\u00e1s, lm75[] ya no sirve para nada despu\u00e9s de cambiar a devm_i2c_new_dummy_device() en w83791d_detect_subclients(). El parche corrige la posible desreferencia del puntero NULL eliminando lm75[]. Encontrado por el proyecto de verificaci\u00f3n de controladores de Linux (linuxtesting.org). [groeck: Se eliminaron l\u00edneas de continuaci\u00f3n innecesarias, se corrigi\u00f3 la alineaci\u00f3n multil\u00ednea]"}], "id": "CVE-2021-47385", "lastModified": "2024-12-23T21:01:31.227", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-21T15:15:24.020", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0f36b88173f028e372668ae040ab1a496834d278"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1499bb2c3a87a2efea0065adab2bd66badee61c3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/200ced5ba724d8bbf29dfac4ed1e17a39ccaccd1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/24af1fe376e22c42238a4a604d31e46c486876c3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0f36b88173f028e372668ae040ab1a496834d278"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1499bb2c3a87a2efea0065adab2bd66badee61c3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/200ced5ba724d8bbf29dfac4ed1e17a39ccaccd1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/24af1fe376e22c42238a4a604d31e46c486876c3"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:7001", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.22.1.rt7.363.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:7000", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.22.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:5281", "cpe": "cpe:/o:redhat:rhel_aus:8.6", "package": "kernel-0:4.18.0-372.118.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2024-08-13T00:00:00Z"}, {"advisory": "RHSA-2024:5281", "cpe": "cpe:/o:redhat:rhel_tus:8.6", "package": "kernel-0:4.18.0-372.118.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2024-08-13T00:00:00Z"}, {"advisory": "RHSA-2024:5281", "cpe": "cpe:/o:redhat:rhel_e4s:8.6", "package": "kernel-0:4.18.0-372.118.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2024-08-13T00:00:00Z"}, {"advisory": "RHSA-2024:6206", "cpe": "cpe:/o:redhat:rhel_eus:8.8", "package": "kernel-0:4.18.0-477.70.1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:8162", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.40.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-10-16T00:00:00Z"}, {"advisory": "RHSA-2024:8162", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-427.40.1.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-10-16T00:00:00Z"}, {"advisory": "RHSA-2024:8157", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "kernel-0:5.14.0-284.88.1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-10-16T00:00:00Z"}, {"advisory": "RHSA-2024:8158", "cpe": "cpe:/a:redhat:rhel_eus:9.2::nfv", "package": "kernel-rt-0:5.14.0-284.88.1.rt14.373.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-10-16T00:00:00Z"}], "bugzilla": {"description": "kernel: hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field", "id": "2282355", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282355"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nhwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field\nIf driver read val value sufficient for\n(val & 0x08) && (!(val & 0x80)) && ((val & 0x7) == ((val >> 4) & 0x7))\nfrom device then Null pointer dereference occurs.\n(It is possible if tmp = 0b0xyz1xyz, where same literals mean same numbers)\nAlso lm75[] does not serve a purpose anymore after switching to\ndevm_i2c_new_dummy_device() in w83791d_detect_subclients().\nThe patch fixes possible NULL pointer dereference by removing lm75[].\nFound by Linux Driver Verification project (linuxtesting.org).\n[groeck: Dropped unnecessary continuation lines, fixed multipline alignment]", "A vulnerability was found in the Linux kernel's hwmon driver for the w83792d module where a NULL pointer dereference was caused by the lm75[] obsolete structure field. During specific device read operations, if certain conditions are met, the driver may attempt to access a NULL pointer because this unnecessary field is being retained, which can lead to system crashes or instability."], "mitigation": {"lang": "en:us", "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible."}, "name": "CVE-2021-47385", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-47385\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-47385\nhttps://lore.kernel.org/linux-cve-announce/2024052144-CVE-2021-47385-a7e7@gregkh/T"], "statement": "This vulnerability is rated as a Moderate severity because it can cause crashes and operational disruptions. It does not expose sensitive information or allow unauthorized access.\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-476: NULL Pointer Dereference vulnerability and downgrades the severity of this particular CVE from Moderate to Low.\nThe platform incorporates secure engineering principles and controls to enforce secure coding practices, including proper memory handling and error checking, reducing the likelihood of NULL pointer dereference vulnerabilities. Coding standards, tools, and processes support early detection and prevention of memory-related flaws. Static code analysis identifies NULL dereference and related issues during development, while system monitoring detects memory errors and anomalous behavior in the event of exploitation. Additionally, the platform leverages memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) to strengthen resilience against memory-related vulnerabilities.", "threat_severity": "Moderate"}

{}