#VU89261 Deadlock in Linux kernel


Published: 2024-05-08

Vulnerability identifier: #VU89261

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-46989

CWE-ID: CWE-833

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a deadlock within the hfsplus_file_truncate() function in fs/hfsplus/extents.c. A local user can crash the system.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/52dde855663e5db824af51db39b5757d2ef3e28a
http://git.kernel.org/stable/c/c451a6bafb5f422197d31536f82116aed132b72c
http://git.kernel.org/stable/c/adbd8a2a8cc05d9e501f93e5c95c59307874cc99
http://git.kernel.org/stable/c/c477f62db1a0c0ecaa60a29713006ceeeb04b685
http://git.kernel.org/stable/c/97314e45aa1223a42d60256a62c5d9af54baf446
http://git.kernel.org/stable/c/c3187cf32216313fb316084efac4dab3a8459b1d


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

