Denial of service in Linux kernel Phonet



Published: 2024-05-08
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2021-47086
CWE-ID CWE-371
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe 		Linux kernel
Operating systems & Components / Operating system

Vendor Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) State Issues

EUVDB-ID: #VU89260

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47086

CWE-ID: CWE-371 - State Issues

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect handling of the socket state within the pep_ioctl() function in net/phonet/pep.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links

http://git.kernel.org/stable/c/0bbdd62ce9d44f3a22059b3d20a0df977d9f6d59
http://git.kernel.org/stable/c/b10c7d745615a092a50c2e03ce70446d2bec2aca
http://git.kernel.org/stable/c/311601f114859d586d5ef8833d60d3aa23282161
http://git.kernel.org/stable/c/982b6ba1ce626ef87e5c29f26f2401897554f235
http://git.kernel.org/stable/c/48c76fc53582e7f13c1e0b11c916e503256c4d0b
http://git.kernel.org/stable/c/52ad5da8e316fa11e3a50b3f089aa63e4089bf52
http://git.kernel.org/stable/c/53ccdc73eedaf0e922c45b569b797d2796fbaafa
http://git.kernel.org/stable/c/75a2f31520095600f650597c0ac41f48b5ba0068


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###