Vulnerability Monitor

CVE-2021-4159


A vulnerability was found in the Linux kernel's eBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code into the kernel can use this to leak internal kernel memory details, defeating some of the exploit mitigations in place for the kernel.


Published

2022-08-24T16:15:09.713

Last Modified

2024-11-21T06:37:02.127

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.4 (MEDIUM)

Weaknesses
  • Type: Secondary
    CWE-202
  • Type: Primary
    NVD-CWE-Other

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | linux | linux_kernel | < 5.7 | Yes |
| Operating System | redhat | enterprise_linux | 8.0 | Yes |
| Operating System | debian | debian_linux | 10.0 | Yes |

References