#VU89260 State Issues in Linux kernel - CVE-2021-47086

Vulnerability identifier: #VU89260

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47086

CWE-ID: CWE-371

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect handling of the socket state within the pep_ioctl() function in net/phonet/pep.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/0bbdd62ce9d44f3a22059b3d20a0df977d9f6d59
https://git.kernel.org/stable/c/b10c7d745615a092a50c2e03ce70446d2bec2aca
https://git.kernel.org/stable/c/311601f114859d586d5ef8833d60d3aa23282161
https://git.kernel.org/stable/c/982b6ba1ce626ef87e5c29f26f2401897554f235
https://git.kernel.org/stable/c/48c76fc53582e7f13c1e0b11c916e503256c4d0b
https://git.kernel.org/stable/c/52ad5da8e316fa11e3a50b3f089aa63e4089bf52
https://git.kernel.org/stable/c/53ccdc73eedaf0e922c45b569b797d2796fbaafa
https://git.kernel.org/stable/c/75a2f31520095600f650597c0ac41f48b5ba0068

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.