CVE-2021-4002

Description

A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data.

Related CPE's

olinuxlinux_kernel********

olinuxlinux_kernel5.16-******

olinuxlinux_kernel5.16rc1******

olinuxlinux_kernel5.16rc2******

odebiandebian_linux9.0*******

odebiandebian_linux10.0*******

ofedoraprojectfedora35*******

References

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=13e4ad2ce8df6e058ef482a31fdd81c725b0f7ea

PatchVendor Advisory

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a4a118f2eead1d6c49e00765de89878288d4b890

PatchVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2025726

Issue TrackingThird Party Advisory

https://www.openwall.com/lists/oss-security/2021/11/25/1

ExploitMailing ListThird Party Advisory

[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update

Mailing ListThird Party Advisory

[debian-lts-announce] 20220309 [SECURITY] [DLA 2940-1] linux security update

Mailing ListThird Party Advisory

DSA-5096

Third Party Advisory

CvssV3 impact

BaseSeverity

MEDIUM

ConfidentialityImpact

LOW

AttackComplexity

LOW

Scope

UNCHANGED

AttackVector

LOCAL

AvailabilityImpact

NONE

IntegrityImpact

LOW

PrivilegesRequired

LOW

BaseScore

4.4

VectorString

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Version

3.1

UserInteraction

NONE

CvssV2 impact

AccessComplexity

LOW

ConfidentialityImpact

PARTIAL

AvailabilityImpact

NONE

IntegrityImpact

PARTIAL

BaseScore

3.6

VectorString

AV:L/AC:L/Au:N/C:P/I:P/A:N

Version

2.0

AccessVector

LOCAL

Authentication

NONE

Created by Yello
About Severity.io