PT-2021-2559 · Linux+9 · Linux Kernel+9
Arnd Bergmann
·
Published
2021-01-12
·
Updated
2023-05-17
·
CVE-2021-30002
CVSS v3.1
6.2
Medium
| Vector | AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 5.11.3
Description:
An issue was discovered in the Linux kernel when a webcam device exists, related to a memory leak in the
video usercopy function in drivers/media/v4l2-core/v4l2-ioctl.c for large arguments. This can lead to a denial of service.Recommendations:
For Linux kernel versions prior to 5.11.3, update to version 5.11.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the
video usercopy function in drivers/media/v4l2-core/v4l2-ioctl.c to minimize the risk of exploitation.Fix
Missing Release of Resource after Effective Lifetime
Memory Leak
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Rocky Linux
Suse
Ubuntu