CVE-2021-47572: 
Linux Kernel vulnerability analysis and mitigation

A null pointer dereference vulnerability was discovered in the Linux kernel's nexthop functionality when IPv6 is not enabled. The vulnerability exists in the error path of nh_create_ipv6() function due to calling ipv6_stub->fib6_nh_release when IPv6 support is disabled (!CONFIG_IPV6). The issue has been present since the introduction of IPv6 nexthop gateway support (Kernel Patch).

The vulnerability occurs in the nh_create_ipv6() function's error handling path. When attempting to add an IPv6 nexthop with IPv6 disabled, the code calls ipv6_stub->fib6_nh_release after fib6_nh_init returns an error. However, only fib6_nh_init has a dummy stub implementation, while fib6_nh_release does not, leading to a null pointer dereference. The issue was introduced because fib6_nh_release should not be called if fib6_nh_init returns an error (NVD).

When triggered, this vulnerability results in a kernel NULL pointer dereference, which can cause a system crash. This creates a denial of service condition on affected systems when attempting to configure IPv6 nexthop functionality on systems where IPv6 is not enabled (Kernel Patch).

The issue has been fixed by modifying the error handling in nh_create_ipv6() to return the dummy stub's -EAFNOSUPPORT error directly without calling ipv6_stub->fib6_nh_release when IPv6 is not enabled. Users should update to a patched kernel version that includes this fix (Kernel Patch).