PT-2021-2487 · Linux+3 · Linux Kernel+3

Syzbot · Published 2021-03-04 · Updated 2023-05-17 · CVE-2021-28951

CVSS v3.1: 5.5 Medium
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.11.8
Description: An issue in the Linux kernel allows attackers to cause a denial of service (deadlock) because exit may be waiting to park a SQPOLL thread, but concurrently that SQPOLL thread is waiting for a signal to start. The issue is caused by synchronization errors when using a shared resource in the fs/io_uring.c file.
Recommendations: For Linux kernel versions through 5.11.8, update to a version later than 5.11.8 to resolve the issue. As a temporary workaround, consider restricting the use of the SQPOLL thread to minimize the risk of exploitation. Avoid using the affected fs/io_uring.c file until the issue is resolved. At the moment, there is no other information about additional mitigation measures for this issue.

Exploit

Fix

DoS

Improper Locking

Weakness Enumeration

Related Identifiers

ALT-PU-2021-1566
ALT-PU-2021-1609
ALT-PU-2021-1869
ALT-PU-2021-1888
ALT-PU-2021-1896
ALT-PU-2022-1240
ALT-PU-2022-1419
ALT-PU-2022-1421
ALT-PU-2023-1814
AZL-6539
BDU:2021-01863
CVE-2021-28951
MGASA-2021-0174
MGASA-2021-0175
USN-4948-1

Affected Products

Alt Linux
Linuxmint
Linux Kernel
Ubuntu