Denial of service in Linux kernel powerpc
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2021-46990 |
| CWE-ID | CWE-20 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Input validation error
EUVDB-ID: #VU88890
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-46990
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in arch/powerpc/lib/feature-fixups.c. A local user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsLinux kernel: 4.4 - 5.13 rc5
CPE2.3- cpe:2.3:o:linux_foundation:linux_kernel:4.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.0-57:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.5:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.6:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.4.7:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/8382b15864e5014261b4f36c2aa89723612ee058
https://git.kernel.org/stable/c/0c25a7bb697f2e6ee65b6d63782f675bf129511a
https://git.kernel.org/stable/c/ee4b7aab93c2631c3bb0753023c5dda592bb666b
https://git.kernel.org/stable/c/2db22ba4e0e103f00e0512e0ecce36ac78c644f8
https://git.kernel.org/stable/c/0b4eb172cc12dc102cd0ad013e53ee4463db9508
https://git.kernel.org/stable/c/d2e3590ca39ccfd8a5a46d8c7f095cb6c7b9ae92
https://git.kernel.org/stable/c/dd0d6117052faace5440db20fc37175efe921c7d
https://git.kernel.org/stable/c/5bc00fdda1e934c557351a9c751a205293e68cbf
https://git.kernel.org/stable/c/aec86b052df6541cc97c5fca44e5934cbea4963b
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.233
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.191
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.269
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.269
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.38
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.22
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.5
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.120
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
