CVE-2021-29265
MEDIUMLinux Kernel < 5.11.7 - Denial of Service via Race Condition in USB/IP Stub Device Status Update
Title source: llmDescription
An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status, aka CID-9380afd6df70.
References (3)
Core 3
Core References
Patch, Vendor Advisory x_refsource_misc
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=9380afd6df70e24eacbdbde33afc6a3950965d22
Release Notes, Vendor Advisory x_refsource_misc
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.7
Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
Scores
CVSS v3
4.7
EPSS
0.0026
EPSS Percentile
16.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-362
Status
published
Products (2)
debian/debian_linux
9.0
linux/linux_kernel
< 5.11.7
Published
Mar 26, 2021
Tracked Since
Feb 18, 2026