PT-2021-2499 · Linux+7 · Linux Kernel+7

Amir Goldstein

·

Published

2021-03-04

·

Updated

2023-05-17

·

CVE-2021-28950

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.11.8
Description: The issue is related to a problem in the fs/fuse/fuse i.h file of the Linux kernel, where a resource is accessed through incompatible types. This can lead to a "stall on CPU" because a retry loop continually finds the same bad inode. Exploitation of this issue may allow an attacker to cause a denial of service.
Recommendations: For Linux kernel versions prior to 5.11.8, update to version 5.11.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the fs/fuse/fuse i.h file to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-834

Related Identifiers

ALSA-2021:4356
ALT-PU-2021-1530
ALT-PU-2021-1540
ALT-PU-2021-1869
ALT-PU-2021-1888
ALT-PU-2021-1896
ALT-PU-2022-1240
ALT-PU-2022-1419
ALT-PU-2022-1421
ALT-PU-2023-1814
AZL-6538
BDU:2021-01875
CESA-2021_4140
CESA-2021_4356
CVE-2021-28950
DLA-2689-1
DLA-2941-1
DSA-5096-1
OPENSUSE-SU-2021:0579-1
OPENSUSE-SU-2021:0758-1
OPENSUSE-SU-2021:1975-1
OPENSUSE-SU-2021:1977-1
OPENSUSE-SU-2021_0579-1
OPENSUSE-SU-2021_0758-1
OPENSUSE-SU-2021_1975-1
OPENSUSE-SU-2021_1977-1
RHSA-2021:4140
RHSA-2021:4356
RHSA-2021:4648
RHSA-2021:4650
RHSA-2021_4140
RHSA-2021_4356
SUSE-SU-2021:1211-1
SUSE-SU-2021:1238-1
SUSE-SU-2021:1301-1
SUSE-SU-2021:14724-1
SUSE-SU-2021:1572-1
SUSE-SU-2021:1573-1
SUSE-SU-2021:1595-1
SUSE-SU-2021:1596-1
SUSE-SU-2021:1605-1
SUSE-SU-2021:1617-1
SUSE-SU-2021:1623-1
SUSE-SU-2021:1624-1
SUSE-SU-2021:1625-1
SUSE-SU-2021:1975-1
SUSE-SU-2021:1977-1
SUSE-SU-2021_14724-1
USN-4911-1
USN-4982-1
USN-4984-1

Affected Products

Alt Linux
Almalinux
Centos
Linuxmint
Linux Kernel
Red Hat
Suse
Ubuntu