What is the severity of CVE-2021-47652?

CVE-2021-47652 is categorized with medium severity due to the potential for kernel crashes from null pointer dereferences.

How do I fix CVE-2021-47652?

To fix CVE-2021-47652, update to a patched version of the Linux kernel that addresses this vulnerability.

What versions of the Linux kernel are affected by CVE-2021-47652?

CVE-2021-47652 affects multiple versions of the Linux kernel, specifically versions from 3.2 up to 5.17.2, excluding the patched versions.

What components are impacted by CVE-2021-47652?

CVE-2021-47652 primarily impacts the framebuffer device subsystem in the Linux kernel.

Is remote exploitation possible with CVE-2021-47652?

CVE-2021-47652 does not enable remote exploitation as it requires local access to trigger the vulnerability.

Vulnerability/
CVE-2021-47652

medium

5.5

CWE

476

26/2/2025

18/3/2025

CVE-2021-47652: video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe()

First published: Wed Feb 26 2025(Updated: )

In the Linux kernel, the following vulnerability has been resolved: video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() I got a null-ptr-deref report: BUG: kernel NULL pointer dereference, address: 0000000000000000 ... RIP: 0010:fb_destroy_modelist+0x38/0x100 ... Call Trace: ufx_usb_probe.cold+0x2b5/0xac1 [smscufx] usb_probe_interface+0x1aa/0x3c0 [usbcore] really_probe+0x167/0x460 ... ret_from_fork+0x1f/0x30 If fb_alloc_cmap() fails in ufx_usb_probe(), fb_destroy_modelist() will be called to destroy modelist in the error handling path. But modelist has not been initialized yet, so it will result in null-ptr-deref. Initialize modelist before calling fb_alloc_cmap() to fix this bug.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected Software	Affected Version	How to fix
Linux Kernel
Linux Kernel	>=3.2<4.9.311
Linux Kernel	>=4.10<4.14.276
Linux Kernel	>=4.15<4.19.238
Linux Kernel	>=4.20<5.4.189
Linux Kernel	>=5.5<5.10.110
Linux Kernel	>=5.11<5.15.33
Linux Kernel	>=5.16<5.16.19
Linux Kernel	>=5.17<5.17.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2021-47652?
CVE-2021-47652 is categorized with medium severity due to the potential for kernel crashes from null pointer dereferences.
How do I fix CVE-2021-47652?
To fix CVE-2021-47652, update to a patched version of the Linux kernel that addresses this vulnerability.
What versions of the Linux kernel are affected by CVE-2021-47652?
CVE-2021-47652 affects multiple versions of the Linux kernel, specifically versions from 3.2 up to 5.17.2, excluding the patched versions.
What components are impacted by CVE-2021-47652?
CVE-2021-47652 primarily impacts the framebuffer device subsystem in the Linux kernel.
Is remote exploitation possible with CVE-2021-47652?
CVE-2021-47652 does not enable remote exploitation as it requires local access to trigger the vulnerability.

collector/mitre-cve
source/MITRE
agent/first-publish-date
agent/type
agent/title
agent/weakness
agent/author
agent/references
agent/source
agent/description
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/severity
agent/remedy
agent/last-modified-date
agent/softwarecombine
agent/event
agent/tags
agent/guess-ai
agent/software-canonical-lookup-request
vendor/linux
canonical/linux kernel
version/linux kernel/3.2
version/linux kernel/4.10
version/linux kernel/4.15
version/linux kernel/4.20
version/linux kernel/5.5
version/linux kernel/5.11
version/linux kernel/5.16
version/linux kernel/5.17

Frequently Asked Questions

What is the severity of CVE-2021-47652?
CVE-2021-47652 is categorized with medium severity due to the potential for kernel crashes from null pointer dereferences.
How do I fix CVE-2021-47652?
To fix CVE-2021-47652, update to a patched version of the Linux kernel that addresses this vulnerability.
What versions of the Linux kernel are affected by CVE-2021-47652?
CVE-2021-47652 affects multiple versions of the Linux kernel, specifically versions from 3.2 up to 5.17.2, excluding the patched versions.
What components are impacted by CVE-2021-47652?
CVE-2021-47652 primarily impacts the framebuffer device subsystem in the Linux kernel.
Is remote exploitation possible with CVE-2021-47652?
CVE-2021-47652 does not enable remote exploitation as it requires local access to trigger the vulnerability.

CVE-2021-47652: video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe()

Remedy

Remedy

Remedy

Remedy

Remedy

Remedy

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2021-47652?

How do I fix CVE-2021-47652?

What versions of the Linux kernel are affected by CVE-2021-47652?

What components are impacted by CVE-2021-47652?

Is remote exploitation possible with CVE-2021-47652?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2021-47652?

How do I fix CVE-2021-47652?

What versions of the Linux kernel are affected by CVE-2021-47652?

What components are impacted by CVE-2021-47652?

Is remote exploitation possible with CVE-2021-47652?