CVE-2021-3739NULL Pointer Dereference in Linux

CWE-476NULL Pointer Dereference15 documents6 sources
Severity
7.1HIGHNVD
OSV7.8OSV6.5
EPSS
0.0%
top 92.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Linux KernelDebian LinuxFedoraproject Fedora+1 more
Timeline
PublishedMar 10

Description

A NULL pointer dereference flaw was found in the btrfs_rm_device function in fs/btrfs/volumes.c in the Linux Kernel, where triggering the bug requires ‘CAP_SYS_ADMIN’. This flaw allows a local attacker to crash the system or leak kernel internal information. The highest threat from this vulnerability is to system availability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages6 packages

Debianlinux/linux_kernel< 5.10.46-5+3
Ubuntulinux/linux_kernel< 5.4.0-90.101
NVDlinux/linux_kernel5.14.20
CVEListV5linux/linux_kernelFixed in v5.15-rc1 and above.

Also affects: Fedora 34

Patches

Patch: bugzilla.redhat.comPatch: git.kernel.orgPatch: github.com

🔴Vulnerability Details

6
OSV
CVE-2021-3739: A NULL pointer dereference flaw was found in the btrfs_rm_device function in fs/btrfs/volumes2022-03-10
OSV
linux-bluefield, linux-gke-5.4, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities2021-11-11
OSV
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-kvm vulnerabilities2021-11-09
OSV
linux-oem-5.13 vulnerabilities2021-10-20
OSV
linux-oem-5.10 vulnerabilities2021-10-20

📋Vendor Advisories

8
Microsoft
A NULL pointer dereference flaw was found in the btrfs_rm_device function in fs/btrfs/volumes.c in the Linux Kernel where triggering the bug requires ‘CAP_SYS_ADMIN’. This flaw allows a local attacker2022-03-08
Ubuntu
Linux kernel vulnerabilities2021-11-11
Ubuntu
Linux kernel vulnerabilities2021-11-09
Ubuntu
Linux kernel (OEM) vulnerabilities2021-10-20
Ubuntu
Linux kernel (OEM) vulnerabilities2021-10-20