CVE-2021-3679

Public on 2021-09-30
Modified on 2021-10-04
Description
A lack of CPU resources in the Linux kernel tracing module functionality was found in the way users use the trace ring buffer in specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service.
Severity
Medium
CVSS v3 Base Score
5.5
See breakdown

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 1 kernel 2021-09-30 19:25 ALAS-2021-1539

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
NVD CVSSv2 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P
NVD CVSSv3 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H