Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2021-47574 |
CWE-ID | CWE-667 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software | Linux kernel (Operating systems & Components / Operating system) |
Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU92358
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47574
CWE-ID: CWE-667 - Improper Locking
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the xennet_open(), xennet_tx_buf_gc(), xennet_close(), xennet_get_extras(), xennet_fill_frags(), __skb_queue_tail(), xennet_set_features(), setup_netfront_single(), setup_netfront_split() and xennet_init_queue() functions in drivers/net/xen-netfront.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel: 4.4 - 5.16 rc8
CPE2.3
https://git.kernel.org/stable/c/81900aa7d7a130dec4c55b68875e30fb8c9effec
https://git.kernel.org/stable/c/99120c8230fdd5e8b72a6e4162db9e1c0a61954a
https://git.kernel.org/stable/c/4bf81386e3d6e5083c93d51eff70260bcec091bb
https://git.kernel.org/stable/c/3559ca594f15fcd23ed10c0056d40d71e5dab8e5
https://git.kernel.org/stable/c/3e68d099f09c260a7dee28b99af02fe6977a9e66
https://git.kernel.org/stable/c/d31b3379179d64724d3bbfa87bd4ada94e3237de
https://git.kernel.org/stable/c/a29c8b5226eda52e6d6ff151d9343558ea3ad451
https://git.kernel.org/stable/c/b27d47950e481f292c0a5ad57357edb9d95d03ba
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.259
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.222
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.296
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.294
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.88
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.11
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.168
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.