CVE-2021-33630: 
Linux Kernel vulnerability analysis and mitigation

CVE-2021-33630 is a NULL Pointer Dereference vulnerability discovered in the openEuler kernel's network scheduler module, specifically affecting the net/sched/sch_cbs.C component. The vulnerability affects openEuler kernel versions from 4.19.90 before 4.19.90-2401.3 (NVD).

The vulnerability occurs when offloading is enabled and involves a NULL pointer dereference in the CBS (Credit-Based Shaper) scheduler module. The issue manifests when removing a CBS instance with offloading enabled, leading to a crash. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 MEDIUM (Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) (NVD, Kernel Commit).

When exploited, this vulnerability can cause a kernel crash through a NULL pointer dereference, leading to a denial of service condition. The impact is limited to availability, with no direct effects on confidentiality or integrity (NVD).

The vulnerability has been fixed in multiple kernel versions through a patch that ensures CBS instances are unconditionally added to the global list. The fix has been backported to various kernel versions including 4.14.312, 4.19.280, 5.4.240, 5.10.177, 5.15.87, 6.0.18, 6.1.4, and 6.2 (OSS Security).

The Linux kernel maintainers have acknowledged and addressed the issue promptly. Greg KH, a prominent kernel maintainer, confirmed that all actively supported kernel.org releases have been patched (OSS Security).