CVE-2021-20265

low-risk
Published 2021-03-10

A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux kernel when a signal was pending. This flaw allows an unprivileged local user to crash the system by exhausting available memory. The highest threat from this vulnerability is to system availability.

Do I need to act?

-
0.04% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10 Medium
LOCAL / LOW complexity

Affected Products (2)

Tekelec Platform Distribution

Affected Vendors

Linux Oracle

References (6)

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1908827
Patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fa...
Patch https://www.oracle.com/security-alerts/cpuoct2021.html
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1908827
Patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fa...
Patch https://www.oracle.com/security-alerts/cpuoct2021.html
25
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 7/34 · Low