Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7
CVSSv3

CVE-2021-40490

Published: 03/09/2021 Updated: 07/11/2023
CVSS v2 Base Score: 4.4 | Impact Score: 6.4 | Exploitability Score: 3.4
CVSS v3 Base Score: 7 | Impact Score: 5.9 | Exploitability Score: 1
VMScore: 393
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Linux

Vulnerability Summary

A race condition exists in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel up to and including 5.13.13.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel

fedoraproject fedora 33

fedoraproject fedora 34

debian debian linux 9.0

debian debian linux 11.0

netapp aff_a250_firmware -

netapp fas_500f_firmware -

netapp h300s_firmware -

netapp h500s_firmware -

netapp h700s_firmware -

netapp h300e_firmware -

netapp h500e_firmware -

netapp h700e_firmware -

netapp h410s_firmware -

netapp h410c_firmware -

netapp h610c_firmware -

netapp h610s_firmware -

netapp h615c_firmware -

Vendor Advisories

Ubuntu Security Notice: USN-5343-1: Linux kernel vulnerabilities
Several security issues were fixed in the Linux kernel ...
Debian Security Advisories: DSA-4978-1 linux -- security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks CVE-2020-3702 A flaw was found in the driver for Atheros IEEE 80211n family of chipsets (ath9k) allowing information disclosure CVE-2020-16119 Hadar Manor reported a use-after-free in the D ...
Amazon Linux AMI: ALAS-2021-1539
A flaw was found in the Linux kernel When reusing a socket with an attached dccps_hc_tx_ccid as a listener, the socket will be used after being released leading to denial of service (DoS) or a potential code execution The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability (CVE-2020-1611 ...
Arch Linux Issues:
A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inlinec in the ext4 subsystem in the Linux kernel through 51313 ...
Amazon Linux 2: ALAS2LIVEPATCH-2021-063
ALAS2LIVEPATCH-2021-063 Amazon Linux 2 Security Advisory: ALASLIVEPATCH-2021-063 Advisory Release Date: 2021-09-08 17:11 P ...
Amazon Linux 2: ALAS2-2021-1712
A flaw was found in the Linux kernel A race condition was discovered in the ext4 subsystem The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability (CVE-2021-40490) ...
Amazon Linux 2: ALAS2LIVEPATCH-2021-064
ALAS2LIVEPATCH-2021-064 Amazon Linux 2 Security Advisory: ALASLIVEPATCH-2021-064 Advisory Release Date: 2021-09-08 17:12 P ...
Amazon Linux 2: ALAS2LIVEPATCH-2021-062
ALAS2LIVEPATCH-2021-062 Amazon Linux 2 Security Advisory: ALASLIVEPATCH-2021-062 Advisory Release Date: 2021-09-08 17:11 P ...
Amazon Linux 2: ALAS2LIVEPATCH-2021-060
ALAS2LIVEPATCH-2021-060 Amazon Linux 2 Security Advisory: ALASLIVEPATCH-2021-060 Advisory Release Date: 2021-09-08 17:10 P ...
Amazon Linux 2: ALAS2KERNEL-5.4-2022-007
A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctlc in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE) The highest threat from this vulnerability is to data confidentiality (CVE-2021-3753) A flaw was found in the Linux kernel A race co ...
Amazon Linux 2: ALAS2LIVEPATCH-2021-061
ALAS2LIVEPATCH-2021-061 Amazon Linux 2 Security Advisory: ALASLIVEPATCH-2021-061 Advisory Release Date: 2021-09-08 17:10 P ...
Amazon Linux 2: ALAS2-2021-1704
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2) Due to improper validation of the "int_ctl" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Inte ...
Amazon Linux 2: ALAS2KERNEL-5.10-2022-005
A flaw was found in the Linux kernel's implementation of wireless drivers using the Atheros chipsets An attacker within wireless range could send crafted traffic leading to information disclosure (CVE-2020-3702) A flaw was found in the KVM's AMD code for supporting SVM nested virtualization The flaw occurs when processing the VMCB (virtual mach ...

References

CWE-362https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=9e445093e523f3277081314c864f708fd4bd34aahttps://www.debian.org/security/2021/dsa-4978https://security.netapp.com/advisory/ntap-20211004-0001/https://lists.debian.org/debian-lts-announce/2021/10/msg00010.htmlhttps://lists.debian.org/debian-lts-announce/2021/12/msg00012.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XJGX3DMJT6MRBW2XEF3TWVHYWZW3DG3N/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M6VS2DLGT7TK7URKAS2KWJL3S533SGVA/https://nvd.nist.govhttps://ubuntu.com/security/notices/USN-5343-1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook