TROYANOSYVIRUS
Back to CVEs

CVE-2021-4002

MEDIUM
4.4

Description

A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data.

CVE Details

CVSS v3.1 Score4.4
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Attack VectorLOCAL
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published3/3/2022
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0

Affected Products

debian:debian_linuxfedoraproject:fedoralinux:linux_kerneloracle:communications_cloud_native_core_binding_support_functionoracle:communications_cloud_native_core_network_exposure_functionoracle:communications_cloud_native_core_policy

Weaknesses (CWE)

CWE-459CWE-401

References

https://bugzilla.redhat.com/show_bug.cgi?id=2025726(secalert@redhat.com)
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=13e4ad2ce8df6e058ef482a31fdd81c725b0f7ea(secalert@redhat.com)
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a4a118f2eead1d6c49e00765de89878288d4b890(secalert@redhat.com)
https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html(secalert@redhat.com)
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html(secalert@redhat.com)
https://www.debian.org/security/2022/dsa-5096(secalert@redhat.com)
https://www.openwall.com/lists/oss-security/2021/11/25/1(secalert@redhat.com)
https://www.oracle.com/security-alerts/cpujul2022.html(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=2025726(af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=13e4ad2ce8df6e058ef482a31fdd81c725b0f7ea(af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a4a118f2eead1d6c49e00765de89878288d4b890(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2022/dsa-5096(af854a3a-2127-422b-91ae-364da2661108)
https://www.openwall.com/lists/oss-security/2021/11/25/1(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpujul2022.html(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.