Vulnerability Name:

CVE-2021-4135 (CCN-231343)

Assigned:2021-12-15
Published:2021-12-15
Updated:2022-07-20
Summary:A memory leak vulnerability was found in the Linux kernel's eBPF for the Simulated networking device driver in the way user uses BPF for the device such that function nsim_map_alloc_elem being called. A local user could use this flaw to get unauthorized access to some data.
CVSS v3 Severity:5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): None
Availibility (A): None
4.4 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)
3.9 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:3.2 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:P/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-401
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2021-4135

Source: XF
Type: UNKNOWN
linux-kernel-cve20214135-sec-bypass(231343)

Source: CCN
Type: Linux Kernel GIT Repository
netdevsim: Zero-initialize memory for new map's value in function nsim_bpf_map_alloc

Source: MISC
Type: Mailing List, Patch, Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=481221775d53

Vulnerable Configuration:Configuration 1:
  • cpe:/o:linux:linux_kernel:5.16:rc2:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:5.16:rc3:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:5.16:rc4:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:5.16:rc1:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:5.16:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:5.16:rc5:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:* (Version < 5.16)

  • Configuration CCN 1:
  • cpe:/o:linux:linux_kernel:-:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:8029
    P
    kernel-docs-5.14.21-150500.53.2 on GA media (Moderate)
    2023-06-20
    oval:org.opensuse.security:def:8090
    P
    reiserfs-kmp-default-5.14.21-150500.53.2 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:7539
    P
    kernel-64kb-5.14.21-150500.53.2 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:3453
    P
    clamav-0.101.3-1.19 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:3567
    P
    libXtst6-1.2.2-7.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:3398
    P
    wpa_supplicant-2.6-15.10.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:3448
    P
    busybox-1.21.1-3.3 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:95028
    P
    kernel-docs-5.14.21-150400.22.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:2960
    P
    kernel-64kb-5.14.21-150400.22.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:95078
    P
    reiserfs-kmp-default-5.14.21-150400.22.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:95083
    P
    kernel-azure-5.14.21-150400.12.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:94590
    P
    kernel-64kb-5.14.21-150400.22.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:95197
    P
    kernel-default-extra-5.14.21-150400.22.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:4740
    P
    Security update for the Linux RT Kernel (Critical)
    2022-02-22
    oval:org.opensuse.security:def:6159
    P
    Security update for the Linux Kernel (Critical)
    2022-02-11
    oval:org.opensuse.security:def:5341
    P
    Security update for the Linux Kernel (Critical)
    2022-02-10
    oval:org.opensuse.security:def:4304
    P
    Security update for the Linux Kernel (Critical)
    2022-02-10
    oval:org.opensuse.security:def:6158
    P
    Security update for the Linux Kernel (Critical)
    2022-02-10
    oval:org.opensuse.security:def:4677
    P
    Security update for the Linux Kernel (Critical)
    2022-02-10
    oval:org.opensuse.security:def:6356
    P
    Security update for the Linux Kernel (Critical)
    2022-02-10
    oval:org.opensuse.security:def:102156
    P
    Security update for the Linux Kernel (Important)
    2022-02-02
    oval:org.opensuse.security:def:1599
    P
    Security update for the Linux Kernel (Important)
    2022-02-02
    oval:org.opensuse.security:def:118439
    P
    Security update for the Linux Kernel (Important)
    2022-02-02
    oval:org.opensuse.security:def:42333
    P
    Security update for the Linux Kernel (Important)
    2022-02-02
    oval:org.opensuse.security:def:42191
    P
    Security update for the Linux Kernel (Important)
    2022-02-02
    oval:org.opensuse.security:def:1805
    P
    Security update for the Linux Kernel (Important)
    2022-01-26
    oval:org.opensuse.security:def:910
    P
    Security update for the Linux Kernel (Important)
    2022-01-26
    oval:org.opensuse.security:def:118730
    P
    Security update for the Linux Kernel (Important)
    2022-01-26
    oval:org.opensuse.security:def:101844
    P
    Security update for the Linux Kernel (Important)
    2022-01-26
    oval:org.opensuse.security:def:99205
    P
    (Important)
    2022-01-26
    oval:org.opensuse.security:def:119600
    P
    Security update for the Linux Kernel (Important)
    2022-01-26
    oval:org.opensuse.security:def:118182
    P
    Security update for the Linux Kernel (Important)
    2022-01-26
    oval:org.opensuse.security:def:100408
    P
    (Important)
    2022-01-26
    oval:org.opensuse.security:def:42297
    P
    Security update for the Linux Kernel (Important)
    2022-01-26
    oval:org.opensuse.security:def:1176
    P
    Security update for the Linux Kernel (Important)
    2022-01-26
    oval:org.opensuse.security:def:118920
    P
    Security update for the Linux Kernel (Important)
    2022-01-26
    oval:org.opensuse.security:def:101893
    P
    Security update for the Linux Kernel (Important)
    2022-01-26
    oval:org.opensuse.security:def:99479
    P
    (Important)
    2022-01-26
    oval:org.opensuse.security:def:102307
    P
    Security update for the Linux Kernel (Important)
    2022-01-26
    oval:org.opensuse.security:def:100742
    P
    (Important)
    2022-01-26
    oval:org.opensuse.security:def:1237
    P
    Security update for the Linux Kernel (Important)
    2022-01-26
    oval:org.opensuse.security:def:119225
    P
    Security update for the Linux Kernel (Important)
    2022-01-26
    oval:org.opensuse.security:def:101986
    P
    Security update for the Linux Kernel (Important)
    2022-01-26
    oval:org.opensuse.security:def:99741
    P
    (Important)
    2022-01-26
    oval:org.opensuse.security:def:42189
    P
    Security update for the Linux Kernel (Important)
    2022-01-26
    oval:org.opensuse.security:def:1751
    P
    Security update for the Linux Kernel (Important)
    2022-01-26
    oval:org.opensuse.security:def:102353
    P
    Security update for the Linux Kernel (Important)
    2022-01-26
    oval:org.opensuse.security:def:118646
    P
    Security update for the Linux Kernel (Important)
    2022-01-26
    oval:org.opensuse.security:def:101612
    P
    Security update for the Linux Kernel (Important)
    2022-01-26
    oval:org.opensuse.security:def:1375
    P
    Security update for the Linux Kernel (Important)
    2022-01-26
    oval:org.opensuse.security:def:119415
    P
    Security update for the Linux Kernel (Important)
    2022-01-26
    oval:org.opensuse.security:def:100070
    P
    (Important)
    2022-01-26
    oval:org.opensuse.security:def:1560
    P
    Security update for the Linux Kernel (Important)
    2022-01-25
    oval:org.opensuse.security:def:102122
    P
    Security update for the Linux Kernel (Important)
    2022-01-25
    BACK
    linux linux kernel 5.16 rc2
    linux linux kernel 5.16 rc3
    linux linux kernel 5.16 rc4
    linux linux kernel 5.16 rc1
    linux linux kernel 5.16 -
    linux linux kernel 5.16 rc5
    linux linux kernel *
    linux linux kernel -