Denial of service in Linux kernel hfsplus



Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2021-46989
CWE-ID: CWE-833
Exploitation vector: Local
Public exploit: N/A
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Deadlock

EUVDB-ID: #VU89261

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-46989

CWE-ID: CWE-833 - Deadlock

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a deadlock within the hfsplus_file_truncate() function in fs/hfsplus/extents.c. A local user can crash the system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links

http://git.kernel.org/stable/c/52dde855663e5db824af51db39b5757d2ef3e28a
http://git.kernel.org/stable/c/c451a6bafb5f422197d31536f82116aed132b72c
http://git.kernel.org/stable/c/adbd8a2a8cc05d9e501f93e5c95c59307874cc99
http://git.kernel.org/stable/c/c477f62db1a0c0ecaa60a29713006ceeeb04b685
http://git.kernel.org/stable/c/97314e45aa1223a42d60256a62c5d9af54baf446
http://git.kernel.org/stable/c/c3187cf32216313fb316084efac4dab3a8459b1d


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


