CVE-2021-4197

Description

An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system.

Related CPE's

olinuxlinux_kernel********

odebiandebian_linux10.0*******

aoraclecommunications_cloud_native_core_binding_support_function22.1.3*******

aoraclecommunications_cloud_native_core_binding_support_function22.1.1*******

aoraclecommunications_cloud_native_core_binding_support_function22.2.0*******

obroadcombrocade_fabric_operating_system_firmware-*******

onetapph300s_firmware-*******

hnetapph300s-*******

onetapph500s_firmware-*******

hnetapph500s-*******

References

https://bugzilla.redhat.com/show_bug.cgi?id=2035652

Issue TrackingThird Party Advisory

https://lore.kernel.org/lkml/[email protected]/T/

ExploitMailing ListThird Party Advisory

DSA-5127

Third Party Advisory

https://security.netapp.com/advisory/ntap-20220602-0006/

Third Party Advisory

DSA-5173

Third Party Advisory

N/A

Third Party Advisory

CvssV3 impact

Version

3.1

VectorString

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AttackVector

LOCAL

AttackComplexity

LOW

PrivilegesRequired

LOW

UserInteraction

NONE

Scope

UNCHANGED

ConfidentialityImpact

HIGH

IntegrityImpact

HIGH

AvailabilityImpact

HIGH

BaseScore

7.8

BaseSeverity

HIGH

CvssV2 impact

Version

2.0

VectorString

AV:L/AC:L/Au:N/C:C/I:C/A:C

AccessVector

LOCAL

AccessComplexity

LOW

Authentication

NONE

ConfidentialityImpact

COMPLETE

IntegrityImpact

COMPLETE

AvailabilityImpact

COMPLETE

BaseScore

7.199999809265137

Created by Yello
About Severity.io