[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[oss-security] CVE-2021-20219 Linux kernel: improper synchronization in flush_to_ldisc() can lead to DoS

Hello Team,

A denial of service vulnerability was found in n_tty_receive_char_special
in drivers/tty/n_tty.c of the Linux kernel.  In this flaw a local attacker
with a normal user privilege could delay the loop (due to a changing
ldata->read_head, and a missing sanity check) and cause a threat to the
system availability.

'CVE-2021-20219' was assigned by Red Hat.

Acknowledgements: Evgenii Shatokhin (Virtuozzo Research LLC)

Rohit Keshri / Red Hat Product Security Team
PGP: OX01BC 858A 07B7 15C8 EF33 BFE2 2EEB 0CBC 84A4 4C2D

secalert AT redhat.com for urgent response