Lucene search

K
redhatcveRedhat.comRH:CVE-2021-33630
HistoryJan 30, 2024 - 5:23 p.m.

CVE-2021-33630

2024-01-3017:23:51
redhat.com
access.redhat.com
33
cve-2021-33630
linux kernel
network scheduler
null pointer dereference
denial of service
offloading
local user
red hat product security
mitigation

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.9

Confidence

High

EPSS

0

Percentile

10.1%

A NULL pointer dereference flaw was found in the Linux kernel’s network scheduler. This issue occurs when offloading is enabled, the cbs instance is not added to the list. The code also incorrectly handles the case when offload is disabled without removing the qdisc. This could allow a local user to cause a denial of service condition.

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6.9

Confidence

High

EPSS

0

Percentile

10.1%