CVE-2021-3679
CVE-2021-3679
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 0.7%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Lifecycle
05 Aug 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service.
Affected products
n/a · kernelWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://bugzilla.redhat.com/show_bug.cgi?id=1989165https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=67f0d6d9883c13174669f88adac4f0ee656cc16ahttps://lists.debian.org/debian-lts-announce/2021/10/msg00010.htmlhttps://lists.debian.org/debian-lts-announce/2021/12/msg00012.htmlhttps://www.debian.org/security/2021/dsa-4978