Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

CVE-2021-20317

Related Vulnerabilities: CVE-2021-20317  

A flaw was found in the Linux kernel. A corrupted timer tree caused the task wakeup to be missing in the timerqueue_add function in lib/timerqueue.c. This flaw allows a local attacker with special user privileges to cause a denial of service, slowing and eventually stopping the system while running OSP. The highest threat from this vulnerability is system availability.

Source

Description

A flaw was found in the Linux kernel. A corrupted timer tree caused the task wakeup to be missing in the timerqueue_add function in lib/timerqueue.c. This flaw allows a local attacker with special user privileges to cause a denial of service, slowing and eventually stopping the system while running OSP. The highest threat from this vulnerability is system availability.

Mitigation

In order to mitigate this issue, it is possible to prevent the affected code by loading the kvm module with "pi_inject_timer=0" parameter.

rmmod kvm_intel kvm
modprobe kvm pi_inject_timer=0 
modprobe kvm_intel

Additional Information

  • Bugzilla 2005258: CVE-2021-20317 kernel: timer tree corruption leads to missing wakeup and system freeze
  • CWE-665: Improper Initialization
  • FAQ: Frequently asked questions about CVE-2021-20317

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started