CVE-2021-47333

5.5 MEDIUM

📋 TL;DR

A NULL pointer dereference vulnerability in the Linux kernel's alcor_pci driver allows local attackers to cause a kernel panic (denial of service) when a device without a PCI bridge is attached. This affects systems using the alcor_pci driver for Alcor Micro card readers. The vulnerability requires local access to trigger.

💻 Affected Systems

Products:
  • Linux kernel with alcor_pci driver
Versions: Linux kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with Alcor Micro card reader hardware using the alcor_pci driver. The vulnerability triggers when the device is attached directly to the root complex without a PCI bridge.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to system crash and denial of service, potentially causing data loss or service disruption.

🟠

Likely Case

System crash or kernel panic when specific hardware configurations are present, requiring physical or local access to trigger.

🟢

If Mitigated

Minimal impact with proper access controls preventing local attackers from loading malicious modules or accessing hardware.

🌐 Internet-Facing: LOW - Requires local access to trigger, not remotely exploitable.
🏢 Internal Only: MEDIUM - Local attackers with hardware access could cause denial of service on vulnerable systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access and specific hardware configuration. Triggering the NULL dereference is straightforward once conditions are met.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits: 09d154990ca82d14aed2b72796f6c8845e2e605d, 3ce3e45cc333da707d4d6eb433574b990bcc26f5, 58f69684ba03e5b0e0a3ae844a845280c0f06309, 717cf5ae52322ddbdf3ac2c584b34c5970b0d174, d2639ffdcad463b358b6bef8645ff81715daffcb

Vendor Advisory: https://git.kernel.org/stable/c/09d154990ca82d14aed2b72796f6c8845e2e605d

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits.
2. Check distribution-specific security advisories.
3. Reboot system after kernel update.

🔧 Temporary Workarounds

Disable alcor_pci module

linux

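Prevent automatic loading of the vulnerable driver if the Alcor hardware is not needed. The blacklist entry stops the module from being autoloaded by device alias; rmmod unloads it if it is already loaded.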

echo 'blacklist alcor_pci' >> /etc/modprobe.d/blacklist.conf
rmmod alcor_pci

Restrict module loading

linux

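Prevent any further loading of kernel modules. Once kernel.modules_disabled is set to 1 it cannot be set back to 0 without a reboot, so load every module the system needs first. The setting does not unload a module that is already loaded.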

sysctl -w kernel.modules_disabled=1

🧯 If You Can't Patch

  • Restrict physical and local access to systems with Alcor hardware
  • Implement strict access controls and monitoring for local users

🔍 How to Verify

Check if Vulnerable:

Check if alcor_pci module is loaded: lsmod | grep alcor_pci. Check kernel version against patched versions.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits. Test with Alcor hardware attached directly to root complex.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages mentioning NULL pointer dereference at 00000000000000c0
  • alcor_pci driver crash in kernel logs
  • BUG: kernel NULL pointer dereference in alcor_pci_probe

Network Indicators:

  • None - local vulnerability only

SIEM Query:

source="kernel" AND "NULL pointer dereference" AND "alcor_pci"
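
A kernel oops is written as several log lines, so if the collector ingests each line as its own event, a query that needs both strings in one event can miss it. The script below is an added example, not part of the original advisory: it correlates the NULL pointer dereference line with an alcor_pci line inside the same oops. The look-ahead window, the function names and the sample log lines (including the example_drv module) are constructed assumptions.

```shell
#!/bin/sh
# Added example: correlate multi-line kernel oops output with the indicators above.

# Reads kernel log text on stdin. Prints how many NULL-dereference oopses mention
# alcor_pci on the same line or within WINDOW following lines ($1, default 40;
# the default is an assumption, tune it to your log format).
count_alcor_oops() {
    awk -v window="${1:-40}" '
        /---\[ end trace/            { pending = 0; next }        # oops block is over
        /NULL pointer dereference/   { pending = 1; left = window }
        pending && /alcor_pci/       { hits++; pending = 0; next }
        pending                      { if (left-- <= 0) pending = 0 }
        END                          { print hits + 0 }
    '
}

# Per-line AND, i.e. what a query sees when every log line is a separate event.
count_same_line() {
    awk '/NULL pointer dereference/ && /alcor_pci/ { n++ } END { print n + 0 }'
}

# Constructed sample input (not captured from a real system): one unrelated oops,
# one benign alcor_pci message, then an oops in alcor_pci_probe.
sample_log() {
    cat <<'EOF'
[   12.100000] BUG: kernel NULL pointer dereference, address: 0000000000000010
[   12.100100] RIP: 0010:example_drv_probe+0x0/0x0 [example_drv]
[   12.100200] ---[ end trace 0000000000000000 ]---
[   15.000000] alcor_pci 0000:01:00.0: enabling device
[   15.000100] BUG: kernel NULL pointer dereference, address: 00000000000000c0
[   15.000200] #PF: supervisor read access in kernel mode
[   15.000300] RIP: 0010:alcor_pci_probe+0x0/0x0 [alcor_pci]
[   15.000400] ---[ end trace 0000000000000000 ]---
EOF
}

# Live use: dmesg | count_alcor_oops     or     journalctl -k | count_alcor_oops
printf 'correlated=%s same-line=%s\n' \
    "$(sample_log | count_alcor_oops)" "$(sample_log | count_same_line)"
```
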
