Vulnerability Description
A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux kernel when a signal was pending. This flaw allows an unprivileged local user to crash the system by exhausting available memory. The highest threat from this vulnerability is to system availability.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | - |
| Oracle | Tekelec Platform Distribution | >= 7.4.0, <= 7.7.1 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1908827Issue TrackingPatchThird Party Advisory
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=faPatchVendor Advisory
- https://www.oracle.com/security-alerts/cpuoct2021.htmlPatchThird Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1908827Issue TrackingPatchThird Party Advisory
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=faPatchVendor Advisory
- https://www.oracle.com/security-alerts/cpuoct2021.htmlPatchThird Party Advisory
FAQ
What is CVE-2021-20265?
CVE-2021-20265 is a vulnerability with a CVSS score of 5.5 (MEDIUM). A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux kernel when a signal was pending. This flaw allows an unprivileged local user to crash the syst...
How severe is CVE-2021-20265?
CVE-2021-20265 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-20265?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Oracle Tekelec Platform Distribution.