CVE-2021-47645 – A NULL pointer dereference vulnerability in the... (How to Fix)

Q: What is the severity of CVE-2021-47645?

CVE-2021-47645 has a CVSS score of 5.5 (MEDIUM). A NULL pointer dereference vulnerability in the Linux kernel's Zoran media driver allows local attackers to cause a kernel panic or system crash. This affects systems using the staging media driver for Zoran-based video capture cards. Only local users with access to the affected driver can trigger this vulnerability.

📋 TL;DR

A NULL pointer dereference vulnerability in the Linux kernel's Zoran media driver allows local attackers to cause a kernel panic or system crash. This affects systems using the staging media driver for Zoran-based video capture cards. Only local users with access to the affected driver can trigger this vulnerability.

💻 Affected Systems

Products:

Linux kernel with Zoran media driver enabled

Versions: Linux kernel versions before the fix commits (specific versions vary by distribution)

Operating Systems: Linux distributions with vulnerable kernel versions

Default Config Vulnerable: ✅ No

Notes: Only vulnerable if CONFIG_VIDEO_ZORAN is enabled and the driver is loaded. Many distributions don't enable this by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local denial of service causing kernel panic and system crash, potentially leading to data loss or service disruption.

🟠

Likely Case

Local denial of service causing system instability or crash when specific media operations are performed.

🟢

If Mitigated

Minimal impact if proper access controls prevent unauthorized users from accessing the media subsystem.

🌐 Internet-Facing: LOW - Requires local access to the system, not remotely exploitable.

🏢 Internal Only: MEDIUM - Local users or processes with access to the media subsystem could cause system instability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: NO

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access and ability to interact with the Zoran media driver. No known public exploits.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in Linux kernel stable releases via commits referenced in CVE

Vendor Advisory: https://git.kernel.org/stable/c/20811bbe685ca3eddd34b0c750860427d7030910

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution. 2. Reboot system to load new kernel. 3. Verify Zoran driver is not loaded if not needed.

🔧 Temporary Workarounds

Disable Zoran media driver

linux

Prevent loading of vulnerable driver module

echo 'blacklist zoran' >> /etc/modprobe.d/blacklist.conf
rmmod zoran

Restrict access to media devices

linux

Limit which users can access video capture devices

chmod 600 /dev/video*
setfacl -m u:root:rw /dev/video*

🧯 If You Can't Patch

Disable the Zoran media driver if not required for system functionality
Implement strict access controls to prevent unauthorized users from accessing media devices

🔍 How to Verify

Check if Vulnerable:

Check if Zoran driver is loaded: lsmod | grep zoran AND check kernel version against distribution security advisories

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is patched AND Zoran driver is either not loaded or updated version

📡 Detection & Monitoring

Log Indicators:

Kernel panic messages
NULL pointer dereference errors in kernel logs
Media subsystem crash logs

Network Indicators:

None - local vulnerability only

SIEM Query:

source="kernel" AND ("NULL pointer dereference" OR "zoran" OR "media: staging")

📊 Metadata

CVE ID: CVE-2021-47645

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-476

EPSS Score: 0.03% exploit probability (7.6th percentile)

Published: February 26, 2025

Last Updated: October 1, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-47645, you might also want to check these: