A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1989165 | Issue Tracking Patch Third Party Advisory |
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=67f0d6d9883c13174669f88adac4f0ee656cc16a | Mailing List Patch Vendor Advisory |
https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html | Mailing List Third Party Advisory |
https://www.debian.org/security/2021/dsa-4978 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
27 Oct 2022, 12:29
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html - Mailing List, Third Party Advisory | |
CWE | CWE-835 |
01 Jan 2022, 17:58
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |
17 Dec 2021, 01:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
18 Oct 2021, 11:57
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html - Third Party Advisory | |
References | (DEBIAN) https://www.debian.org/security/2021/dsa-4978 - Third Party Advisory |
16 Oct 2021, 01:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Sep 2021, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
13 Aug 2021, 12:51
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 2.1
v3 : 5.5 |
CPE | cpe:2.3:o:linux:linux_kernel:5.14:rc2:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:5.14:-:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:5.14:rc1:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:* cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
|
CWE | CWE-400 | |
References | (MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=67f0d6d9883c13174669f88adac4f0ee656cc16a - Mailing List, Patch, Vendor Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1989165 - Issue Tracking, Patch, Third Party Advisory |
05 Aug 2021, 20:39
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-08-05 20:15
Updated : 2024-02-04 21:47
NVD link : CVE-2021-3679
Mitre link : CVE-2021-3679
CVE.ORG link : CVE-2021-3679
JSON object : View
Products Affected
redhat
- enterprise_linux
debian
- debian_linux
linux
- linux_kernel