Bug 1923738 (CVE-2021-20219) - CVE-2021-20219 kernel: improper synchronization in flush_to_ldisc() can lead to DoS
Summary: CVE-2021-20219 kernel: improper synchronization in flush_to_ldisc() can lead ...
Keywords:
Status: NEW
Alias: CVE-2021-20219
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 1909882 1924152 1924153
Blocks: 1910136
Reported: 2021-02-01 18:25 UTC by Guilherme de Almeida Suckevicz
Modified: 2024-01-19 19:11 UTC

Fixed In Version: kernel 4.18
Doc Type: If docs needed, set a value
Doc Text:
A denial-of-service vulnerability was found in n_tty_receive_char_special in drivers/tty/n_tty.c of the Linux kernel. In this flaw, a local attacker with normal user privileges could delay the loop (due to a changing ldata->read_head and a missing sanity check), threatening system availability.
Clone Of:
Environment:
Last Closed:
Embargoed:



Description Guilherme de Almeida Suckevicz 2021-02-01 18:25:05 UTC
A denial-of-service vulnerability was found in n_tty_receive_char_special in drivers/tty/n_tty.c of the Linux kernel. In this flaw, a local attacker with a normal user privilege could delay the loop (due to a changing ldata->read_head, and a missing sanity check) and cause a threat to the system availability.

Comment 4 Rohit Keshri 2021-02-02 08:02:10 UTC
Mitigation:

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Comment 6 Rohit Keshri 2021-02-02 17:12:01 UTC
Acknowledgments:

Name: Evgenii Shatokhin (Virtuozzo Research LLC)

