#VU93189 Resource management error in Linux kernel - CVE-2021-47387
Vulnerability identifier: #VU93189
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-399
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sugov_tunables_free(), sugov_tunables_alloc(), sugov_init() and sugov_exit() functions in kernel/sched/cpufreq_schedutil.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/cb4a53ba37532c861a5f3f22803391018a41849a
https://git.kernel.org/stable/c/463c46705f321201090b69c4ad5da0cd2ce614c9
https://git.kernel.org/stable/c/30d57cf2c4116ca6d34ecd1cac94ad84f8bc446c
https://git.kernel.org/stable/c/67c98e023135ff81b8d52998a6fdb8ca0c518d82
https://git.kernel.org/stable/c/a7d4fc84404d45d72f4490417e8cc3efa4af93f1
https://git.kernel.org/stable/c/8d62aec52a8c5b1d25a2364b243fcc5098a2ede9
https://git.kernel.org/stable/c/e5c6b312ce3cc97e90ea159446e6bfa06645364d
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
