Improper locking in Linux kernel
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2021-46921 |
| CWE-ID | CWE-667 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Improper locking
EUVDB-ID: #VU88214
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46921
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to improper locking within the queued_write_lock_slowpath() function in kernel/locking/qrwlock.c. A local user can crash the kernel.
Install updates from vendor's website.
Vulnerable software versionsLinux kernel: All versions
External linkshttp://git.kernel.org/stable/c/5902f9453a313be8fe78cbd7e7ca9dba9319fc6e
http://git.kernel.org/stable/c/82808cc026811fbc3ecf0c0b267a12a339eead56
http://git.kernel.org/stable/c/82fa9ced35d88581cffa4a1c856fc41fca96d80a
http://git.kernel.org/stable/c/d558fcdb17139728347bccc60a16af3e639649d2
http://git.kernel.org/stable/c/84a24bf8c52e66b7ac89ada5e3cfbe72d65c1896
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
