PT-2021-8225 · Linux+6 · Linux Kernel+6

Syzbot

·

Published

2021-11-04

·

Updated

2024-12-02

·

CVE-2021-47579

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The issue is related to errors in resource management within the ovl component of the Linux kernel, specifically in the ovl create real() and ovl mkdir real() functions. This can potentially lead to a denial of service. The problem arises because the cgroup2 filesystem returns from mkdir without instantiating the new dentry, which can trigger a warning in ovl workdir create() -> ovl create real(). To prevent this warning, it's suggested to call ovl mkdir real() directly from ovl workdir create() and reject such cases early.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

ALSA-2024:5101
ALSA-2024:5102
BDU:2024-11538
CESA-2024_5101
CESA-2024_5102
CVE-2021-47579
INFSA-2024_5101
INFSA-2024_5102
RHSA-2024:2394
RHSA-2024:5101
RHSA-2024:5102
RHSA-2024_2394
RHSA-2024_5101
RHSA-2024_5102
RLSA-2024:5101
RLSA-2024:5102
RXSA-2024:5101

Affected Products

Almalinux
Astra Linux
Centos
Linux Kernel
Red Hat
Red Os
Rocky Linux