CVE-2021-20321Race Condition in Kernel

CWE-362Race Condition20 documents8 sources
Severity
4.7MEDIUMNVD
OSV6.5OSV4.4
EPSS
0.0%
top 95.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Linux KernelDebian LinuxRedhat Enterprise Linux+1 more
Timeline
PublishedFeb 18
Latest updateFeb 14

Description

A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.0 | Impact: 3.6

Affected Packages5 packages

NVDlinux/linux_kernel< 5.15+1
Debianlinux/linux_kernel< 5.10.84-1+3
Ubuntulinux/linux_kernel< 4.15.0-166.174+3
CVEListV5linux/linux_kernelkernel 5.15-rc5
Palo Altopaloalto/pan-os

Also affects: Debian Linux 10.0, 9.0, Enterprise Linux 7.0, 8.0

🔴Vulnerability Details

9
OSV
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities2023-07-12
OSV
CVE-2021-20321: In ovl_rename of dir2022-06-01
CVEList
CVE-2021-20321: A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS2022-02-18
OSV
CVE-2021-20321: A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS2022-02-18
OSV
linux, linux-gcp, linux-gcp-5.4, linux-hwe-5.4 regression2022-01-12

📋Vendor Advisories

10
Palo Alto
PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS2024-02-14
Ubuntu
Linux kernel vulnerabilities2023-07-12
Microsoft
A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system2022-02-08
Ubuntu
Linux kernel regression2022-01-12
Ubuntu
Linux kernel (OEM) vulnerabilities2022-01-11
CVE-2021-20321 — Race Condition in Linux Kernel | cvebase