Resource management error in Linux kernel

#VU93835 Resource management error in Linux kernel

Published: 2024-07-07

Vulnerability identifier: #VU93835

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47579

CWE-ID: CWE-399

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ovl_create_real() function in fs/overlayfs/super.c, within the ovl_mkdir_real() function in fs/overlayfs/dir.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://git.kernel.org/stable/c/445d2dc63e5871d218f21b8f62ab29ac72f2e6b8
http://git.kernel.org/stable/c/f9f300a92297be8250547347fd52216ef0177ae0
http://git.kernel.org/stable/c/6859985a2fbda5d1586bf44538853e1be69e85f7
http://git.kernel.org/stable/c/d2ccdd4e4efab06178608a34d7bfb20a54104c02
http://git.kernel.org/stable/c/1f5573cfe7a7056e80a92c7a037a3e69f3a13d1c

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.13

Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.15

Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.15 packages

Red Hat Enterprise Linux 8 update for kernel-rt

Red Hat Enterprise Linux 8 update for kernel

Resource management error in Linux kernel overlayfs