PT-2021-8272 · Linux+3 · Linux Kernel+3

Paul Aurich

Published

2021-04-13

Updated

2024-12-11

CVE-2021-46960

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.4.0-70-generic #78~18.04.1-Ubuntu

Description The issue is related to the Linux kernel's CIFS component, specifically with the return of an incorrect error code from the smb2 get enc key function. This can lead to a warning when the error percolates back up. The vulnerability may allow an attacker to cause a denial of service. The error is related to the errseq set function in the errseq.c file. The call trace includes functions such as filemap set wb err, cifs writepages, do writepages, filemap fdatawrite range, filemap write and wait, cifs setattr, notify change, utimes common, do utimes, and x64 sys utimensat.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-393

Related Identifiers

BDU:2025-00822

CVE-2021-46960

OPENSUSE-SU-2024_1489-1

RHSA-2025:2265

SUSE-SU-2024:1454-1

SUSE-SU-2024:1465-1

SUSE-SU-2024:1489-1

SUSE-SU-2024:1643-1

SUSE-SU-2024:1646-1

SUSE-SU-2024:1870-1

USN-6938-1

Affected Products

Astra Linux

Linux Kernel

Suse

Ubuntu

PT-2021-8272 · Linux+3 · Linux Kernel+3

CVE-2021-46960

Weakness Enumeration

Related Identifiers

Affected Products

References · 647