CVE-2021-28951
Severity Score
5.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (deadlock) because exit may be waiting to park a SQPOLL thread, but concurrently that SQPOLL thread is waiting for a signal to start, aka CID-3ebba796fa25.
Se detectó un problema en el archivo fs/io_uring.c en el kernel de Linux versiones hasta 5.11.8. Permite a atacantes causar una denegación de servicio (deadlock) porque la salida puede estar esperando para estacionar un hilo SQPOLL, pero al mismo tiempo ese hilo SQPOLL está esperando una señal para comenzar, también se conoce como CID-3ebba796fa25
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-03-20 CVE Reserved
- 2021-03-20 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-667: Improper Locking
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| https://security.netapp.com/advisory/ntap-20210430-0003 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=3ebba796fa251d042be42b929a2d916ee5c34a49 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Netapp Search vendor "Netapp" | A250 Firmware Search vendor "Netapp" for product "A250 Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | A250 Search vendor "Netapp" for product "A250" | - | - |
Safe
|
| Netapp Search vendor "Netapp" | Aff 500f Firmware Search vendor "Netapp" for product "Aff 500f Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | Aff 500f Search vendor "Netapp" for product "Aff 500f" | - | - |
Safe
|
| Netapp Search vendor "Netapp" | Fas 500f Firmware Search vendor "Netapp" for product "Fas 500f Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | Fas 500f Search vendor "Netapp" for product "Fas 500f" | - | - |
Safe
|
| Netapp Search vendor "Netapp" | Solidfire Baseboard Management Controller Firmware Search vendor "Netapp" for product "Solidfire Baseboard Management Controller Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | Solidfire Baseboard Management Controller Search vendor "Netapp" for product "Solidfire Baseboard Management Controller" | - | - |
Safe
|
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | <= 5.11.8 Search vendor "Linux" for product "Linux Kernel" and version " <= 5.11.8" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 32 Search vendor "Fedoraproject" for product "Fedora" and version "32" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 33 Search vendor "Fedoraproject" for product "Fedora" and version "33" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 34 Search vendor "Fedoraproject" for product "Fedora" and version "34" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Cloud Backup Search vendor "Netapp" for product "Cloud Backup" | - | - |
Affected
| ||||||