PT-2021-4225 · Linux+8 · Linux Kernel+8

Bodong Zhao

·

Published

2021-03-26

·

Updated

2023-05-17

·

CVE-2021-31916

CVSS v2.0

6.8

Medium

VectorAV:L/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.12
Description An out-of-bounds memory write flaw was found in the list devices function in the Multi-device driver module. This flaw allows an attacker with special user privilege, specifically CAP SYS ADMIN, to access out-of-bounds memory, potentially leading to a system crash or a leak of internal kernel information. The highest threat from this issue is to system availability.
Recommendations For Linux kernel versions prior to 5.12, update to version 5.12 or later to resolve the issue. As a temporary workaround, consider restricting the use of the CAP SYS ADMIN privilege to minimize the risk of exploitation.

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALSA-2021:4356
ALT-PU-2021-1833
ALT-PU-2021-1888
ALT-PU-2021-1896
ALT-PU-2021-1983
ALT-PU-2021-3481
ALT-PU-2022-1240
ALT-PU-2022-1419
ALT-PU-2022-1421
ALT-PU-2023-1814
AZL-6558
BDU:2021-04829
CESA-2021_4140
CESA-2021_4356
CVE-2021-31916
DLA-2689-1
DLA-2690-1
OESA-2021-1176
OPENSUSE-SU-2021:1501-1
OPENSUSE-SU-2021:3806-1
OPENSUSE-SU-2021:3876-1
OPENSUSE-SU-2021:3941-1
OPENSUSE-SU-2021_1501-1
OPENSUSE-SU-2021_3806-1
OPENSUSE-SU-2021_3876-1
OPENSUSE-SU-2021_3941-1
RHSA-2021:4140
RHSA-2021:4356
RHSA-2021_4140
RHSA-2021_4356
SUSE-SU-2021:3806-1
SUSE-SU-2021:3807-1
SUSE-SU-2021:3848-1
SUSE-SU-2021:3876-1
SUSE-SU-2021:3877-1
SUSE-SU-2021:3929-1
SUSE-SU-2021:3933-1
SUSE-SU-2021:3935-1
SUSE-SU-2021:3941-1
SUSE-SU-2021:3969-1
SUSE-SU-2021:3972-1
SUSE-SU-2021:3978-1
SUSE-SU-2021:3979-1
SUSE-SU-2021:3992-1
USN-4948-1
USN-4979-1
USN-4982-1
USN-4984-1
USN-5361-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Suse
Ubuntu