NULL Pointer Dereference Affecting kernel-tools-devel package, versions <0:4.14.241-184.433.amzn2


Severity

Recommended
high

Based on Amazon Linux security rating.

Threat Intelligence

EPSS
0.26% (17th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-AMZN2-KERNELTOOLSDEVEL-10264259
  • published30 May 2025
  • disclosed21 May 2024

Introduced: 21 May 2024

CVE-2021-47340  (opens in a new tab)
CWE-476  (opens in a new tab)

How to fix?

Upgrade Amazon-Linux:2 kernel-tools-devel to version 0:4.14.241-184.433.amzn2 or higher.
This issue was patched in ALAS2-2021-1696.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-tools-devel package and not the kernel-tools-devel package as distributed by Amazon-Linux. See How to fix? for Amazon-Linux:2 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

jfs: fix GPF in diFree

Avoid passing inode with JFS_SBI(inode->i_sb)->ipimap == NULL to diFree()[1]. GFP will appear:

struct inode *ipimap = JFS_SBI(ip-&gt;i_sb)-&gt;ipimap;
struct inomap *imap = JFS_IP(ipimap)-&gt;i_imap;

JFS_IP() will return invalid pointer when ipimap == NULL

Call Trace: diFree+0x13d/0x2dc0 fs/jfs/jfs_imap.c:853 [1] jfs_evict_inode+0x2c9/0x370 fs/jfs/inode.c:154 evict+0x2ed/0x750 fs/inode.c:578 iput_final fs/inode.c:1654 [inline] iput.part.0+0x3fe/0x820 fs/inode.c:1680 iput+0x58/0x70 fs/inode.c:1670

CVSS Base Scores

version 3.1