Base Score

MEDIUM4.7

CVE-2021-28964

A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc.

VectorLOCAL

Published Bycve@mitre.org

Published DateMar 22, 2021, 09:15

Weakness Type (CWE):CWE-362

CVSS Metrics

Base Score

4.7

Vector String

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

HIGH

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH

References

Base Score

MEDIUM4.7

Weakness Type (CWE):CWE-362

CVSS Metrics

Base Score

4.7

Vector String

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

HIGH

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH