The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Linux kernel: memory leak via unix_stream_recvmsg

Synthesis of the vulnerability 

An attacker can create a memory leak via unix_stream_recvmsg() of the Linux kernel, in order to trigger a denial of service.
Vulnerable products: Linux, RHEL.
Severity of this weakness: 1/4.
Creation date: 11/03/2021.
Références of this bulletin: CERTFR-2021-AVI-201, CVE-2021-20265, RHBUG-1908827, RHSA-2021:0856-01, RHSA-2021:0857-01, VIGILANCE-VUL-34830.

Description of the vulnerability 

An attacker can create a memory leak via unix_stream_recvmsg() of the Linux kernel, in order to trigger a denial of service.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This security announce impacts software or systems such as Linux, RHEL.

Our Vigil@nce team determined that the severity of this threat is low.

The trust level is of type confirmed by the editor, with an origin of user shell.

An attacker with a expert ability can exploit this computer vulnerability announce.

Solutions for this threat 

Linux kernel: patch for unix_stream_recvmsg.
A patch is indicated in information sources.

RHEL 7.9: new kernel packages.
New packages are available:
  RHEL 7.9: kernel 3.10.0-1160.21.1.el7

RHEL 7.9: new kernel-rt packages.
New packages are available:
  RHEL 7.9: kernel-rt 3.10.0-1160.21.1.rt56.1158.el7
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides cybersecurity announces. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.