SB20240603107 - Improper locking in Linux kernel trace

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper locking (CVE-ID: CVE-2021-46939)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the trace_clock_global() function in kernel/trace/trace_clock.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/91ca6f6a91f679c8645d7f3307e03ce86ad518c4
• https://git.kernel.org/stable/c/859b47a43f5a0e5b9a92b621dc6ceaad39fb5c8b
• https://git.kernel.org/stable/c/1fca00920327be96f3318224f502e4d5460f9545
• https://git.kernel.org/stable/c/d43d56dbf452ccecc1ec735cd4b6840118005d7c
• https://git.kernel.org/stable/c/c64da3294a7d59a4bf6874c664c13be892f15f44
• https://git.kernel.org/stable/c/a33614d52e97fc8077eb0b292189ca7d964cc534
• https://git.kernel.org/stable/c/6e2418576228eeb12e7ba82edb8f9500623942ff
• https://git.kernel.org/stable/c/2a1bd74b8186d7938bf004f5603f25b84785f63e
• https://git.kernel.org/stable/c/aafe104aa9096827a429bc1358f8260ee565b7cc
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.233
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.191
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.269
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.269
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.36
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.20
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.3
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.118