PT-2021-4148 · Linux+8 · Linux Kernel+8
Haoran Luo · Published 2021-07-20 · Updated 2023-08-14 · CVE-2021-3679
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 5.14-rc3
Description
A CPU resource starvation flaw was found in the Linux kernel tracing module functionality, in the way a user uses the trace ring buffer in a specific way. Only privileged local users with the CAP_SYS_ADMIN capability could use this flaw to starve the resources, causing a denial of service.
Recommendations
For versions prior to 5.14-rc3, update to version 5.14-rc3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the trace ring buffer functionality to minimize the risk of exploitation. Additionally, limiting the capabilities of local users so that they cannot obtain the CAP_SYS_ADMIN capability can also help mitigate the risk.
Exploit
Fix
DoS
Infinite Loop
Resource Exhaustion
Affected Products
ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
Linux Kernel
Red Hat
SUSE
Ubuntu