#VU93384 Race condition in Linux kernel


Published: 2024-06-26

Vulnerability identifier: #VU93384

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-46963

CWE-ID: CWE-362

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the qla2xxx_mqueuecommand() function in drivers/scsi/qla2xxx/qla_os.c. A local user can exploit the race to cause a denial of service (DoS).

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/c5ab9b67d8b061de74e2ca51bf787ee599bd7f89
http://git.kernel.org/stable/c/77509a238547863040a42d57c72403f7d4c89a8f
http://git.kernel.org/stable/c/702cdaa2c6283c135ef16d52e0e4e3c1005aa538
http://git.kernel.org/stable/c/80ef24175df2cba3860d0369d1c662b49ee2de56
http://git.kernel.org/stable/c/a73208e3244127ef9f2cdf24e4adb947aaa32053
http://git.kernel.org/stable/c/6641df81ab799f28a5d564f860233dd26cca0d93


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

