Bug 1989165 (CVE-2021-3679)
Summary: | CVE-2021-3679 kernel: DoS in rb_per_cpu_empty() | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Alex <allarkin> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | acaringi, adscvr, airlied, alciregi, bhu, blc, brdeoliv, bskeggs, chwhite, crwood, dhoward, dvlasenk, fhrbata, fpacheco, hdegoede, hkrzesin, jarod, jarodwilson, jeremy, jforbes, jlelli, jonathan, josef, jshortt, jstancek, jwboyer, kcarcia, kernel-maint, kernel-mgr, lgoncalv, linville, masami256, mchehab, mlangsdo, nmurray, ptalbert, qzhao, rvrbovsk, steved, walters, williams |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | kernel 5.14-rc3 | Doc Type: | If docs needed, set a value |
Doc Text: |
A lack of CPU resources in the Linux kernel tracing module functionality was found in the way users use the trace ring buffer in specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2021-11-09 21:53:14 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1989166, 1989485, 1989486 | ||
Bug Blocks: | 1986380, 1989644 |
Description
Alex
2021-08-02 14:59:17 UTC
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1989166] This was fixed for Fedora with the 5.13.6 stable kernel updates. Patches: 1. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=67f0d6d9883c13174669f88adac4f0ee656cc16a - this one fixes the bug. 2. https://lore.kernel.org/stable/20210723125633.655004181@goodmis.org/ 3. https://lore.kernel.org/stable/20210723125633.840379520@goodmis.org/#t 7. https://lore.kernel.org/stable/20210723125634.584194330@goodmis.org/ , And Steven merged patch (patch #1) with other three patches, ran through his test and submitted to LKML for the next merge window of 5.14-rc2. The other patches (#2, #3, #7) fixes some other (less important, so no separate CVE) bug and style for other files of tracing module. The patch #1 fixes buggy conditional in rb_per_cpu_empty() and thus prevents deadloop outcome when using the same exploiting method. The combined patch: https://lore.kernel.org/lkml/20210723125527.767d1c18@oasis.local.home/ This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:4140 https://access.redhat.com/errata/RHSA-2021:4140 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:4356 https://access.redhat.com/errata/RHSA-2021:4356 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-3679 |