SB2024062560 - Resource management error in Linux kernel netrom

Description

This security bulletin contains information about 1 security vulnerability.

1) Resource management error (CVE-ID: CVE-2021-47294)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the nr_heartbeat_expiry(), nr_t2timer_expiry(), nr_t4timer_expiry(), nr_idletimer_expiry() and nr_t1timer_expiry() functions in net/netrom/nr_timer.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/853262355518cd1247515b74e83fabf038aa6c29
• https://git.kernel.org/stable/c/a01634bf91f2b6c42583770eb6815fb6d1e251cf
• https://git.kernel.org/stable/c/48866fd5c361ea417ed24b43fc2a7dc2f5b060ef
• https://git.kernel.org/stable/c/9619cc7d97c3aa8ed3cfd2b8678b74fb6d6c7950
• https://git.kernel.org/stable/c/25df44e90ff5959b5c24ad361b648504a7e39ef3
• https://git.kernel.org/stable/c/6811744bd0efb9e472cb15d066cdb460beb8cb8a
• https://git.kernel.org/stable/c/bc1660206c3723c37ed4d622ad81781f1e987250
• https://git.kernel.org/stable/c/517a16b1a88bdb6b530f48d5d153478b2552d9a8
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.241
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.199
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.277
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.277
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.54
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.6
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.136