CVE-2021-20265
CVE-2021-20265 is a medium-severity vulnerability in Oracle Tekelec Platform Distribution with a CVSS 3.x base score of 5.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-401.
Key facts
- Severity: Medium (CVSS 3.x base score 5.5)
- CVSS v2: 4.9
- EPSS exploit prediction: 0% (26th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-401
- Affected product: Oracle Tekelec Platform Distribution
- Published:
- Last modified:
Description
A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux kernel when a signal was pending. This flaw allows an unprivileged local user to crash the system by exhausting available memory. The highest threat from this vulnerability is to system availability.
Frequently asked questions
- What is CVE-2021-20265?
- A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux kernel when a signal was pending. This flaw allows an unprivileged local user to crash the system by exhausting available memory. The highest threat from this vulnerability is to system availability.
- How severe is CVE-2021-20265?
- CVE-2021-20265 has a CVSS 3.x base score of 5.5, rated medium severity. It is exploitable over local access with low attack complexity, requires low privileges and no user interaction. Impact on confidentiality is none, integrity none, and availability high.
- Is CVE-2021-20265 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (26th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2021-20265?
- CVE-2021-20265 primarily affects Oracle Tekelec Platform Distribution. In total, 2 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2021-20265?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2021-20265 published?
- CVE-2021-20265 was published on 2021-03-10 and last updated on 2026-06-17.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1908827
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fa0dc04df259ba2df3ce1920e9690c7842f8fa4b
- https://www.oracle.com/security-alerts/cpuoct2021.html
Affected products (2)
- cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:tekelec_platform_distribution:*:*:*:*:*:*:*:*
More vulnerabilities in Oracle Tekelec Platform Distribution
- CVE-2016-5018 — Critical (CVSS 9.1): In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a…
- CVE-2020-10878 — High (CVSS 8.6): Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A…
- CVE-2020-10543 — High (CVSS 8.2): Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression…
- CVE-2021-27365 — High (CVSS 7.8): An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate…
- CVE-2021-3156 — High (CVSS 7.8): Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows…
- CVE-2020-29661 — High (CVSS 7.8): A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c…
All CVEs affecting Oracle Tekelec Platform Distribution →
Other CWE-401 (Missing Release of Memory after Effective Lifetime) vulnerabilities
- CVE-2022-0742 — Critical (CVSS 9.1): Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows a remote attacker to DoS a host by making it go…
- CVE-2024-25450 — High (CVSS 8.8): imlib2 v1.9.1 was discovered to mishandle memory allocation in the function init_imlib_fonts().
- CVE-2023-33718 — High (CVSS 8.8): mp4v2 v2.1.3 was discovered to contain a memory leak via MP4File::ReadString() at mp4file_io.cpp
- CVE-2021-40633 — High (CVSS 8.8): A memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in giflib 5.1.4 allows remote attackers trigger an out of…
- CVE-2021-3492 — High (CVSS 8.8): Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring…
- CVE-2019-17340 — High (CVSS 8.8): An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain…
Browse all CWE-401 (Missing Release of Memory after Effective Lifetime) vulnerabilities →