CVE-2021-38203: Improper Locking in Kernel

Severity
5.5 MEDIUM (NVD)
EPSS
0.1%
top 83.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Aug 8
Latest update: May 24

Description

btrfs in the Linux kernel before 5.13.4 allows attackers to cause a denial of service (deadlock) via processes that trigger allocation of new system chunks during times when there is a shortage of free space in the system space_info.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages: 5 packages

Patches

🔴Vulnerability Details

3
GHSA
GHSA-5fjr-c5p8-hxvj: btrfs in the Linux kernel before 5 (2022-05-24)
OSV
linux-oem-5.13 vulnerabilities (2021-09-29)
OSV
CVE-2021-38203: btrfs in the Linux kernel before 5 (2021-08-08)

📋Vendor Advisories

4
Ubuntu
Linux kernel (OEM) vulnerabilities (2021-09-29)
Microsoft
btrfs in the Linux kernel before 5.13.4 allows attackers to cause a denial of service (deadlock) via processes that trigger allocation of new system chunks during times when there is a shortage of fre (2021-08-10)
Red Hat
kernel: btrfs: deadlock via processes that trigger allocation of new system chunks during times when there is a shortage of free space in the system space_info (2021-07-07)
Debian
CVE-2021-38203: linux - btrfs in the Linux kernel before 5.13.4 allows attackers to cause a denial of se... (2021)
CVE-2021-38203 — Improper Locking in Linux Kernel | cvebase