PT-2021-2462 · Linux+5 · Linux Kernel+5

Syzbot

+1

·

Published

2021-03-10

·

Updated

2023-05-17

·

CVE-2021-29265

CVSS v3.1

4.7

Medium

VectorAV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.11.7
Description The issue is related to the implementation of the usbip sockfd store function in the Linux kernel, which allows attackers to cause a denial of service due to race conditions during an update of the local and shared status. This can lead to a general protection fault (GPF). The vulnerability is caused by the use of a shared resource with incorrect synchronization.
Recommendations For Linux kernel versions prior to 5.11.7, update to version 5.11.7 or later to resolve the issue. As a temporary workaround, consider disabling the usbip sockfd store function in the drivers/usb/usbip/stub dev.c file until a patch is available. Restrict access to the vulnerable stub dev.c module to minimize the risk of exploitation.

Exploit

Fix

DoS

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-362

Related Identifiers

ALT-PU-2021-1525
ALT-PU-2021-1530
ALT-PU-2021-1869
ALT-PU-2021-1888
ALT-PU-2021-1896
ALT-PU-2022-1240
ALT-PU-2022-1419
ALT-PU-2022-1421
ALT-PU-2023-1814
AZL-6547
BDU:2021-01828
CVE-2021-29265
DLA-2689-1
OESA-2021-1176
OPENSUSE-SU-2021:0532-1
OPENSUSE-SU-2021:0758-1
OPENSUSE-SU-2021:1975-1
OPENSUSE-SU-2021:1977-1
OPENSUSE-SU-2021_0532-1
OPENSUSE-SU-2021_0758-1
OPENSUSE-SU-2021_1975-1
OPENSUSE-SU-2021_1977-1
SUSE-SU-2021:1175-1
SUSE-SU-2021:1176-1
SUSE-SU-2021:1177-1
SUSE-SU-2021:1210-1
SUSE-SU-2021:1211-1
SUSE-SU-2021:1238-1
SUSE-SU-2021:1573-1
SUSE-SU-2021:1596-1
SUSE-SU-2021:1617-1
SUSE-SU-2021:1623-1
SUSE-SU-2021:1624-1
SUSE-SU-2021:1625-1
SUSE-SU-2021:1975-1
SUSE-SU-2021:1977-1
USN-4945-1
USN-4945-2
USN-4946-1
USN-4949-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Suse
Ubuntu