#VU93835 Resource management error in Linux kernel - CVE-2021-47579
Vulnerability identifier: #VU93835
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-399
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ovl_create_real() function in fs/overlayfs/super.c, within the ovl_mkdir_real() function in fs/overlayfs/dir.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/445d2dc63e5871d218f21b8f62ab29ac72f2e6b8
https://git.kernel.org/stable/c/f9f300a92297be8250547347fd52216ef0177ae0
https://git.kernel.org/stable/c/6859985a2fbda5d1586bf44538853e1be69e85f7
https://git.kernel.org/stable/c/d2ccdd4e4efab06178608a34d7bfb20a54104c02
https://git.kernel.org/stable/c/1f5573cfe7a7056e80a92c7a037a3e69f3a13d1c
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
