CVE-2021-3679

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service.

References

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=67f0d6d9883c13174669f88adac4f0ee656cc16a

https://bugzilla.redhat.com/show_bug.cgi?id=1989165

https://www.debian.org/security/2021/dsa-4978

https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html

https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html

Details

Source: MITRE

Published: 2021-08-05

Updated: 2022-01-01

Type: CWE-400

Risk Information

CVSS v2

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

CVSS v3

Base Score: 5.5

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:5.14:-:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:5.14:rc1:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:5.14:rc2:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*

Configuration 3

OR

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Tenable Plugins

View all (45 total)

IDNameProductFamilySeverity
156431EulerOS 2.0 SP5 : kernel (EulerOS-SA-2021-2934)NessusHuawei Local Security Checks
high
156347EulerOS Virtualization 3.0.2.0 : kernel (EulerOS-SA-2021-2818)NessusHuawei Local Security Checks
high
156163Debian DLA-2843-1 : linux - LTS security updateNessusDebian Local Security Checks
high
155959SUSE SLES12 Security Update : kernel (SUSE-SU-2021:3972-1)NessusSuSE Local Security Checks
high
155930SUSE SLES15 Security Update : kernel (SUSE-SU-2021:3969-1)NessusSuSE Local Security Checks
high
155910SUSE SLES12 Security Update : kernel (SUSE-SU-2021:3929-1)NessusSuSE Local Security Checks
high
155902SUSE SLES12 Security Update : kernel (SUSE-SU-2021:3935-1)NessusSuSE Local Security Checks
high
155840SUSE SLES15 Security Update : kernel (SUSE-SU-2021:3876-1)NessusSuSE Local Security Checks
high
155824openSUSE 15 Security Update : kernel (openSUSE-SU-2021:3876-1)NessusSuSE Local Security Checks
high
155814SUSE SLES11 Security Update : kernel (SUSE-SU-2021:14849-1)NessusSuSE Local Security Checks
high
155425Oracle Linux 8 : kernel (ELSA-2021-4356)NessusOracle Linux Local Security Checks
high
155261EulerOS 2.0 SP9 : kernel (EulerOS-SA-2021-2688)NessusHuawei Local Security Checks
high
155219RHEL 8 : kernel (RHSA-2021:4356)NessusRed Hat Local Security Checks
high
155172RHEL 8 : kernel-rt (RHSA-2021:4140)NessusRed Hat Local Security Checks
high
155145CentOS 8 : kernel (CESA-2021:4356)NessusCentOS Local Security Checks
high
155119EulerOS 2.0 SP9 : kernel (EulerOS-SA-2021-2713)NessusHuawei Local Security Checks
high
155070CentOS 8 : kernel-rt (CESA-2021:4140)NessusCentOS Local Security Checks
high
154812EulerOS 2.0 SP8 : kernel (EulerOS-SA-2021-2636)NessusHuawei Local Security Checks
high
154279Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-5115-1)NessusUbuntu Local Security Checks
high
154165Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2021-9485)NessusOracle Linux Local Security Checks
high
154163Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2021-9488)NessusOracle Linux Local Security Checks
high
154016OracleVM 3.4 : Unbreakable / etc (OVMSA-2021-0035)NessusOracleVM Local Security Checks
high
153860Amazon Linux AMI : kernel (ALAS-2021-1539)NessusAmazon Linux Local Security Checks
high
153802Ubuntu 18.04 LTS : Linux kernel (Raspberry Pi) vulnerabilities (USN-5094-2)NessusUbuntu Local Security Checks
medium
153801Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel (Raspberry Pi) vulnerabilities (USN-5091-2)NessusUbuntu Local Security Checks
high
153799Ubuntu 20.04 LTS / 21.04 : Linux kernel vulnerabilities (USN-5092-2)NessusUbuntu Local Security Checks
high
153797Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-5094-1)NessusUbuntu Local Security Checks
high
153789Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-5096-1)NessusUbuntu Local Security Checks
high
153770Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-5092-1)NessusUbuntu Local Security Checks
high
153769Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-5091-1)NessusUbuntu Local Security Checks
high
153668Debian DSA-4978-1 : linux - security updateNessusDebian Local Security Checks
high
153627SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:3207-1)NessusSuSE Local Security Checks
high
153625SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2021:3206-1)NessusSuSE Local Security Checks
high
153622SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:3205-1)NessusSuSE Local Security Checks
high
153616SUSE SLES12 Security Update : kernel (SUSE-SU-2021:3217-1)NessusSuSE Local Security Checks
high
153598openSUSE 15 Security Update : kernel (openSUSE-SU-2021:3205-1)NessusSuSE Local Security Checks
high
153581SUSE SLES12 Security Update : kernel (SUSE-SU-2021:3192-1)NessusSuSE Local Security Checks
high
153567Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2021-9458)NessusOracle Linux Local Security Checks
high
153559Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2021-9460)NessusOracle Linux Local Security Checks
high
153542SUSE SLES15 Security Update : kernel (SUSE-SU-2021:3179-1)NessusSuSE Local Security Checks
high
153541openSUSE 15 Security Update : kernel (openSUSE-SU-2021:3179-1)NessusSuSE Local Security Checks
high
153540SUSE SLES15 Security Update : kernel (SUSE-SU-2021:3178-1)NessusSuSE Local Security Checks
high
153535SUSE SLES15 Security Update : kernel (SUSE-SU-2021:3177-1)NessusSuSE Local Security Checks
high
153499Photon OS 3.0: Linux PHSA-2021-3.0-0302NessusPhotonOS Local Security Checks
medium
152467openSUSE 15 Security Update : kernel (openSUSE-SU-2021:1142-1)NessusSuSE Local Security Checks
high