CVE-2021-20317: Improper Initialization in Kernel

Severity
4.4 MEDIUM (NVD)
OSV: 7.8
EPSS: 0.0% (top 96.54%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Sep 27
Latest update: Feb 14

Description

A flaw was found in the Linux kernel. A corrupted timer tree caused the task wakeup to be missing in the timerqueue_add function in lib/timerqueue.c. This flaw allows a local attacker with special user privileges to cause a denial of service, slowing and eventually stopping the system while running OSP.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Exploitability: 0.8 | Impact: 3.6

Affected Packages (6 packages)

NVD: linux/linux_kernel < 5.4 (+1)
Debian: linux/linux_kernel < 5.4.6-1 (+3)
Ubuntu: linux/linux_kernel < 4.15.0-166.174 (+1)
CVEListV5: linux/linux_kernel Kernel 5.3 rc1
debian: debian/linux < linux 5.4.6-1 (bookworm)

Also affects: Debian Linux 10.0, 9.0

Patches

Vulnerability Details (4)

GHSA: GHSA-hf76-5hm2-g68j: A flaw was found in the Linux kernel (2022-05-24)
OSV: linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities (2022-03-22)
OSV: linux, linux-aws, linux-aws-hwe, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities (2022-01-06)
OSV: CVE-2021-20317: A flaw was found in the Linux kernel (2021-09-27)

Vendor Advisories (6)

Palo Alto: PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS (2024-02-14)
CISA ICS: Siemens SCALANCE LPE9403 Third-Party Vulnerabilities (2022-06-16)
Ubuntu: Linux kernel vulnerabilities (2022-03-22)
Ubuntu: Linux kernel vulnerabilities (2022-01-06)
Red Hat: kernel: timer tree corruption leads to missing wakeup and system freeze (2021-09-23)