CVE-2021-20265

CWE-400 — Uncontrolled Resource Consumption CWE-401 — Memory Leak6 documents6 sources

Severity

5.5MEDIUM

EPSS

0.0%

top 87.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Tekelec Platform Distribution

Timeline

PublishedMar 10

Latest updateMay 24

Description

A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux kernel when a signal was pending. This flaw allows an unprivileged local user to crash the system by exhausting available memory. The highest threat from this vulnerability is to system availability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶Debianlinux< 4.4.4-1+3

▶CVEListV5kernelLinux kernel 4.5-rc3

▶NVDoracle/tekelec_platform_distribution7.4.0 — 7.7.1

Patches

Patch: bugzilla.redhat.com ↗Patch: git.kernel.org ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-7j7j-cjf4-3c2x: A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux kernel when a signal was pending↗2022-05-24

▶

OSV

CVE-2021-20265: A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux kernel when a signal was pending↗2021-03-10

▶

CVEList

CVE-2021-20265: A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux kernel when a signal was pending↗2021-03-10

▶

📋Vendor Advisories

Debian

CVE-2021-20265: linux - A flaw was found in the way memory resources were freed in the unix_stream_recvm...↗2021

▶

Red Hat

kernel: increase slab leak leads to DoS↗2016-01-24

▶