PT-2021-4122 · Linux+3 · Linux Kernel+3

Christophe Leroy

Published

2021-06-18

Updated

2023-05-17

CVE-2021-38200

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.12.13

Description The issue is related to a NULL pointer dereference in the arch/powerpc/perf/core-book3s.c file of the Linux kernel. This can be exploited by local users to cause a denial of service (perf instruction pointer NULL pointer dereference and OOPS) via a "perf record" command, on systems with perf event paranoid=-1 and no specific PMU driver support registered.

Recommendations For Linux kernel versions prior to 5.12.13, update to version 5.12.13 or later to resolve the issue. As a temporary workaround, consider restricting access to the "perf record" command to minimize the risk of exploitation. Additionally, setting perf event paranoid to a value other than -1 may also help mitigate the risk.

Fix

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALT-PU-2021-2050

ALT-PU-2021-2199

ALT-PU-2021-2315

ALT-PU-2021-2326

ALT-PU-2021-2330

ALT-PU-2021-3481

ALT-PU-2022-1240

ALT-PU-2022-1419

ALT-PU-2022-1421

ALT-PU-2023-1814

AZL-6584

BDU:2021-04712

CVE-2021-38200

USN-5070-1

Affected Products

Alt Linux

Linuxmint

Linux Kernel

Ubuntu

PT-2021-4122 · Linux+3 · Linux Kernel+3

CVE-2021-38200

Weakness Enumeration

Related Identifiers

Affected Products

References · 26