
Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
CVE-2021-47645 affects the Linux kernel's media subsystem, specifically the buffer handling in the Zoran driver. The vulnerability was discovered and disclosed on February 26, 2025. The issue occurs in the zoran_reap_stat_com function, where the buffer number calculation is incorrect when tmp_dcim=1, leading to a NULL pointer dereference (NVD, Ubuntu).
The vulnerability exists in the zoran_reap_stat_com function within the Linux kernel's Zoran driver. When tmp_dcim=1, the buffer index is miscalculated due to an incorrect formula: ((zr->jpg_dma_tail - zr->jpg_err_shift) & 1) * 2 + 1. This miscalculation leads to a NULL pointer dereference when the buffer is accessed later in the code path (Kernel Commit).
The vulnerability can result in a NULL pointer dereference in the Linux kernel, which could lead to a system crash or denial of service condition. This affects systems running the affected versions of the Linux kernel with the Zoran media driver enabled (NVD).
The issue has been fixed in the Linux kernel through a patch that corrects the buffer number calculation and adds additional error checking. The fix changes the calculation to ((zr->jpg_dma_tail - zr->jpg_err_shift) & 1) * 2 and adds a NULL pointer check before accessing the buffer (Kernel Commit).
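The two formulas and the NULL check can be compared in a small user-space model. This is an added example, not the kernel's code: struct model, queue_frame, reap_index, reap and run_model are hypothetical names, and the 4-slot ring and the rule that a frame's pointer is stored only at the even slot of its pair are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
struct frame_buf { int id; };            /* stand-in for a capture buffer */

struct model {                           /* hypothetical, not the driver's struct zoran */
    struct frame_buf *inuse[4];          /* assumed 4-slot ring */
    unsigned jpg_dma_tail, jpg_err_shift;
};

/* Assumption: a frame occupies slots i and i+1, pointer kept only at even i. */
static void queue_frame(struct model *m, unsigned head, struct frame_buf *b)
{
    unsigned i = ((head - m->jpg_err_shift) & 1) * 2;
    m->inuse[i] = b;
    m->inuse[i + 1] = NULL;
}

/* Reap index: "even + 1" is the formula the page quotes as miscalculated. */
static unsigned reap_index(const struct model *m, int fixed)
{
    unsigned even = ((m->jpg_dma_tail - m->jpg_err_shift) & 1) * 2;
    return fixed ? even : even + 1;
}

/* Reap with a NULL check: returns the buffer id, or -1 instead of a NULL dereference. */
static int reap(struct model *m, unsigned i)
{
    struct frame_buf *b = m->inuse[i];
    if (!b)
        return -1;
    m->inuse[i] = NULL;
    m->jpg_dma_tail++;
    return b->id;
}

/* Queue one frame at position tail, then reap it with the chosen formula. */
static int run_model(int use_fixed_index, unsigned tail)
{
    struct frame_buf frame = { .id = 42 };
    struct model m = { .jpg_dma_tail = tail };
    queue_frame(&m, tail, &frame);
    return reap(&m, reap_index(&m, use_fixed_index));
}

int main(void)
{
    printf("before fix: %d, after fix: %d\n", run_model(0, 0), run_model(1, 0));
    return 0;
}
```

In this model the old formula always selects the empty odd slot, so only the NULL check stands between the lookup and a dereference of a NULL pointer; the corrected formula selects the slot that holds the queued buffer.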
Source: This report was generated using AI