CVE-2021-4023: 
Linux Kernel vulnerability analysis and mitigation

A flaw was discovered in the io-workqueue implementation in the Linux kernel versions prior to 5.15-rc1. The vulnerability, identified as CVE-2021-4023, involves an improper cancellation operation that can trigger the submission of new io-uring operations during a shortage of free space. This vulnerability affects Linux kernel systems with io-uring functionality enabled (NVD, Red Hat).

The vulnerability is related to the kernel's io-workqueue implementation and specifically affects the io-uring subsystem. When an improper cancellation operation occurs during a shortage of free space, it can trigger new io-uring operations, leading to a kernel panic. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The primary impact of this vulnerability is system availability. When successfully exploited, it can cause the kernel to panic, resulting in system crashes. The vulnerability requires local access and permissions to execute io-uring requests to be exploited (Ubuntu, NVD).

The vulnerability was fixed in Linux kernel version 5.15-rc1. For Fedora systems, the fix was included in kernel version 5.14.6 stable updates. Users are advised to upgrade their kernel to a version that includes the fix (Red Hat).