Denial of service in Linux kernel Phonet
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2021-47086 |
| CWE-ID | CWE-371 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) State Issues
EUVDB-ID: #VU89260
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47086
CWE-ID:
CWE-371 - State Issues
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect handling of the socket state within the pep_ioctl() function in net/phonet/pep.c. A local user can perform a denial of service (DoS) attack.
Install updates from vendor's website.
Vulnerable software versionsLinux kernel: All versions
CPE2.3 External linkshttps://git.kernel.org/stable/c/0bbdd62ce9d44f3a22059b3d20a0df977d9f6d59
https://git.kernel.org/stable/c/b10c7d745615a092a50c2e03ce70446d2bec2aca
https://git.kernel.org/stable/c/311601f114859d586d5ef8833d60d3aa23282161
https://git.kernel.org/stable/c/982b6ba1ce626ef87e5c29f26f2401897554f235
https://git.kernel.org/stable/c/48c76fc53582e7f13c1e0b11c916e503256c4d0b
https://git.kernel.org/stable/c/52ad5da8e316fa11e3a50b3f089aa63e4089bf52
https://git.kernel.org/stable/c/53ccdc73eedaf0e922c45b569b797d2796fbaafa
https://git.kernel.org/stable/c/75a2f31520095600f650597c0ac41f48b5ba0068
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
