PT-2024-11060 · Linux+7 · Linux Kernel+7

Konstantin Kharlamov

+1

·

Published

2021-04-30

·

Updated

2024-09-17

·

CVE-2021-46939

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A vulnerability in the Linux kernel has been resolved, related to the tracing feature. The issue occurred when a fix to the ring buffer recursion detection caused a hung machine during suspend/resume testing. The problem arose from the trace clock global() function taking a spin lock and then trying to take it again, resulting in a dead lock. To address this, the trace clock global() code was restructured to never block, using a trylock to grab the lock for updating the prev time and retrying if it fails.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-662CWE-833CWE-400

Related Identifiers

ALSA-2024:5101
ALSA-2024:5102
BDU:2025-02866
CESA-2024_5101
CESA-2024_5102
CVE-2021-46939
INFSA-2024_5101
INFSA-2024_5102
OPENSUSE-SU-2024_1489-1
RHSA-2024:5101
RHSA-2024:5102
RHSA-2024_5101
RHSA-2024_5102
RLSA-2024:5101
RLSA-2024:5102
RXSA-2024:5101
SUSE-SU-2024:1454-1
SUSE-SU-2024:1465-1
SUSE-SU-2024:1489-1
SUSE-SU-2024:1643-1
SUSE-SU-2024:1646-1
SUSE-SU-2024:1870-1
USN-6778-1

Affected Products

Almalinux
Astra Linux
Centos
Linux Kernel
Red Hat
Rocky Linux
Suse
Ubuntu