Bug 1941762 (CVE-2021-28950)
Summary: | CVE-2021-28950 kernel: fuse: stall on CPU can occur because a retry loop continually finds the same bad inode | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Guilherme de Almeida Suckevicz <gsuckevi> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | acaringi, adscvr, airlied, alciregi, bdettelb, bhu, blc, bmasney, brdeoliv, bskeggs, chwhite, crwood, dhoward, dvlasenk, fhrbata, fpacheco, hdegoede, hkrzesin, ikent, jarodwilson, jeremy, jforbes, jlelli, jonathan, josef, jpazdziora, jshortt, jstancek, jwboyer, kcarcia, kernel-maint, kernel-mgr, lgoncalv, linville, masami256, mchehab, mlangsdo, nmurray, ptalbert, qzhao, rvrbovsk, steved, tomckay, walters, williams |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: |
A denial of service in the kernel side of the FUSE functionality can allow a local system to create a denial of service.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2021-11-15 11:31:29 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1946535, 1941763, 1944483, 1944484, 1944489, 1949873, 2015840, 2015841 | ||
Bug Blocks: | 1941764 |
Description
Guilherme de Almeida Suckevicz
2021-03-22 18:10:47 UTC
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1941763] Mitigation: As the FUSE module will be auto-loaded when required, its use can be disabled by preventing the module from loading with the following instructions: # echo "install fuse /bin/true" >> /etc/modprobe.d/disable-fuse.conf The system will need to be restarted if the FUSE modules are loaded. In most circumstances, the CIFS kernel modules will be unable to be unloaded while the FUSE filesystems are in use. If the system requires this module to work correctly, this mitigation may not be suitable. If you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services. This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:4140 https://access.redhat.com/errata/RHSA-2021:4140 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:4356 https://access.redhat.com/errata/RHSA-2021:4356 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2021:4648 https://access.redhat.com/errata/RHSA-2021:4648 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2021:4650 https://access.redhat.com/errata/RHSA-2021:4650 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-28950 |