#VU89260 State Issues in Linux kernel


Published: 2024-05-08

Vulnerability identifier: #VU89260

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47086

CWE-ID: CWE-371

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect handling of the socket state within the pep_ioctl() function in net/phonet/pep.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://git.kernel.org/stable/c/0bbdd62ce9d44f3a22059b3d20a0df977d9f6d59
http://git.kernel.org/stable/c/b10c7d745615a092a50c2e03ce70446d2bec2aca
http://git.kernel.org/stable/c/311601f114859d586d5ef8833d60d3aa23282161
http://git.kernel.org/stable/c/982b6ba1ce626ef87e5c29f26f2401897554f235
http://git.kernel.org/stable/c/48c76fc53582e7f13c1e0b11c916e503256c4d0b
http://git.kernel.org/stable/c/52ad5da8e316fa11e3a50b3f089aa63e4089bf52
http://git.kernel.org/stable/c/53ccdc73eedaf0e922c45b569b797d2796fbaafa
http://git.kernel.org/stable/c/75a2f31520095600f650597c0ac41f48b5ba0068

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


openEuler 20.03 LTS SP4 update for kernel
openEuler 20.03 LTS SP1 update for kernel
Denial of service in Linux kernel Phonet