CVE-2021-47386
📋 TL;DR
This CVE describes a NULL pointer dereference vulnerability in the Linux kernel's w83791d hardware monitoring driver. An attacker with local access could trigger a kernel panic or potentially execute arbitrary code by reading specific values from the device. This affects Linux systems using the w83791d driver for hardware monitoring.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash, denial of service, or potential privilege escalation to kernel-level code execution.
Likely Case
Local denial of service through kernel panic or system crash.
If Mitigated
Minimal impact if proper access controls prevent local attackers from accessing the vulnerable driver.
🎯 Exploit Status
Requires local access and ability to interact with the hardware monitoring device. The specific conditions for triggering are described in the CVE description.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in Linux kernel stable releases via commits referenced in CVE
Vendor Advisory: https://git.kernel.org/stable/c/16887ae4e3defd2c4e7913b6c539f33eaf4eac5c
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution's repositories.
2. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable w83791d module
Prevent loading of vulnerable driver if hardware is not needed
echo 'blacklist w83791d' >> /etc/modprobe.d/blacklist.conf
rmmod w83791d
🧯 If You Can't Patch
- Restrict local access to prevent potential attackers from exploiting the vulnerability
- Monitor system logs for kernel panics or unexpected crashes that could indicate exploitation attempts
🔍 How to Verify
Check if Vulnerable:
Check whether the w83791d module is loaded with lsmod | grep w83791d, and check the running kernel version against the patched versions.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version is updated to patched version and w83791d module loads without issues
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- NULL pointer dereference errors in kernel logs
- System crash/reboot events
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("NULL pointer dereference" OR "kernel panic" OR "w83791d")
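The query above fires on any kernel line that mentions w83791d and on any panic. As an added example (not part of the original advisory), this shell function counts only oops reports that are NULL pointer dereferences with w83791d in the faulting RIP line; the sample log and the symbol name example_show are constructed placeholders.

```shell
#!/usr/bin/env bash
# Triage a kernel log: count NULL pointer dereference oops reports that
# implicate the w83791d module, rather than matching single keywords.

# Constructed sample log (not captured from a real system). "example_show"
# and "other_func" are placeholder symbols, not functions from any driver.
sample_kernel_log() {
cat <<'EOF'
kernel: w83791d 0-002d: constructed benign driver message
kernel: BUG: kernel NULL pointer dereference, address: 0000000000000000
kernel: Oops: 0000 [#1] SMP
kernel: RIP: 0010:example_show+0x1c/0x60 [w83791d]
kernel: ---[ end trace 0000000000000000 ]---
kernel: BUG: kernel NULL pointer dereference, address: 0000000000000010
kernel: Oops: 0000 [#2] SMP
kernel: RIP: 0010:other_func+0x8/0x20 [othermod]
kernel: ---[ end trace 0000000000000000 ]---
EOF
}

# Reads a kernel log on stdin and prints the number of oops reports that
# are NULL pointer dereferences with [w83791d] on the RIP line.
count_w83791d_null_derefs() {
  awk '
    /NULL pointer dereference/ {
      if (in_oops && hit) n++        # previous report had no end marker
      in_oops = 1; hit = 0; next
    }
    in_oops && /RIP:.*\[w83791d\]/ { hit = 1 }
    in_oops && /end trace/         { if (hit) n++; in_oops = 0; hit = 0 }
    END {
      if (in_oops && hit) n++        # log truncated mid-report
      print n + 0
    }
  '
}

# The benign first line and the othermod oops are ignored.
sample_kernel_log | count_w83791d_null_derefs
```

Feed it live data with journalctl -k or dmesg piped into count_w83791d_null_derefs.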
🔗 References
- https://git.kernel.org/stable/c/16887ae4e3defd2c4e7913b6c539f33eaf4eac5c
- https://git.kernel.org/stable/c/44d3c480e4e2a75bf6296a18b4356157991ccd80
- https://git.kernel.org/stable/c/516d9055039017a20a698103be2b556b4c976bb8
- https://git.kernel.org/stable/c/943c15ac1b84d378da26bba41c83c67e16499ac4