CVE-2021-4023
MEDIUM
Linux Kernel < 5.15-rc1 - Denial of Service via io-workqueue Cancellation
Title source: llm
Description
A flaw was found in the io-workqueue implementation in Linux kernel versions prior to 5.15-rc1. The kernel can panic when an improper cancellation operation triggers the submission of new io-uring operations during a shortage of free space. This flaw allows a local user with permissions to execute io-uring requests to possibly crash the system.
References (1)
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=2026484
Scores
CVSS v3
5.5
EPSS
0.0003
EPSS Percentile
8.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-200
Status
published
Products (2)
fedoraproject/fedora
35
linux/linux_kernel
< 5.14
Published
Mar 10, 2022
Tracked Since
Feb 18, 2026