Improper Initialization in Linux kernel

#VU93607 Improper Initialization in Linux kernel

Cybersecurity Help s.r.o.

Published: 2024-07-02

Vulnerability identifier: #VU93607

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47261

CWE-ID: CWE-665

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the destroy_cq_user(), create_cq_kernel() and resize_kernel() functions in drivers/infiniband/hw/mlx5/cq.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://git.kernel.org/stable/c/1ec2dcd680c71d0d36fa25638b327a468babd5c9
http://git.kernel.org/stable/c/e3ecd9c09fcc10cf6b2bc67e2990c397c40a8c26
http://git.kernel.org/stable/c/91f7fdc4cc10542ca1045c06aad23365f0d067e0
http://git.kernel.org/stable/c/3e670c54eda238cb8a1ea93538a79ae89285c1c4
http://git.kernel.org/stable/c/2ba0aa2feebda680ecfc3c552e867cf4d1b05a3a

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for the Linux Kernel

Improper Initialization in Linux kernel hw mlx5 driver