SB2024070460 - Incorrect calculation in Linux kernel fs
Published: July 4, 2024 Updated: May 13, 2025
Security Bulletin ID
SB2024070460
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Incorrect calculation (CVE-ID: CVE-2021-47124)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the io_link_timeout_fn() function in fs/io_uring.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/0b2a990e5d2f76d020cb840c456e6ec5f0c27530
- https://git.kernel.org/stable/c/6f5d7a45f58d3abe3a936de1441b8d6318f978ff
- https://git.kernel.org/stable/c/876808dba2ff7509bdd7f230c4f374a0caf4f410
- https://git.kernel.org/stable/c/ff4a96ba5c8f9b266706280ff8021d2ef3f17e86
- https://git.kernel.org/stable/c/a298232ee6b9a1d5d732aa497ff8be0d45b5bd82
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.43
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.55
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.19
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13