#VU93664 Buffer overflow in Linux kernel


Published: 2024-07-02

Vulnerability identifier: #VU93664

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47276

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the ftrace_hash_ipmodify_update() function in kernel/trace/ftrace.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/0bc62e398bbd9e600959e610def5109957437b28
http://git.kernel.org/stable/c/4aedc2bc2b32c93555f47c95610efb89cc1ec09b
http://git.kernel.org/stable/c/acf671ba79c1feccc3ec7cfdcffead4efcec49e7
http://git.kernel.org/stable/c/862dcc14f2803c556bdd73b43c27b023fafce2fb
http://git.kernel.org/stable/c/7e4e824b109f1d41ccf223fbb0565d877d6223a2
http://git.kernel.org/stable/c/97524384762c1fb9b3ded931498dd2047bd0de81
http://git.kernel.org/stable/c/3e4ddeb68751fb4fb657199aed9cfd5d02796875
http://git.kernel.org/stable/c/6c14133d2d3f768e0a35128faac8aa6ed4815051


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

