Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-4002

A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data.

Published

2022-03-03T22:15:08.527

Last Modified

2024-11-21T06:36:42.333

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.4 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

4.9

Weaknesses

Type: Secondary
CWE-459
Type: Primary
CWE-401

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	linux	linux_kernel	< 5.16	Yes
Operating System	linux	linux_kernel	5.16	Yes
Operating System	linux	linux_kernel	5.16	Yes
Operating System	linux	linux_kernel	5.16	Yes
Operating System	debian	debian_linux	9.0	Yes
Operating System	debian	debian_linux	10.0	Yes
Operating System	fedoraproject	fedora	35	Yes
Application	oracle	communications_cloud_native_core_binding_support_function	22.1.3	Yes
Application	oracle	communications_cloud_native_core_network_exposure_function	22.1.1	Yes
Application	oracle	communications_cloud_native_core_policy	22.2.0	Yes

References

https://bugzilla.redhat.com/show_bug.cgi?id=2025726 Issue Tracking, Third Party Advisory ([email protected])
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=13e4ad2ce8df6e058ef482a31fdd81c725b0f7ea Patch, Vendor Advisory ([email protected])
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a4a118f2eead1d6c49e00765de89878288d4b890 Patch, Vendor Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html Mailing List, Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html Mailing List, Third Party Advisory ([email protected])
https://www.debian.org/security/2022/dsa-5096 Third Party Advisory ([email protected])
https://www.openwall.com/lists/oss-security/2021/11/25/1 Exploit, Mailing List, Third Party Advisory ([email protected])
https://www.oracle.com/security-alerts/cpujul2022.html Patch, Third Party Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2025726 Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=13e4ad2ce8df6e058ef482a31fdd81c725b0f7ea Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a4a118f2eead1d6c49e00765de89878288d4b890 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2022/dsa-5096 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.openwall.com/lists/oss-security/2021/11/25/1 Exploit, Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpujul2022.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)