Vulnerability Name: | CVE-2021-4159 (CCN-234277) | ||||||||||||
Assigned: | 2021-12-29 | ||||||||||||
Published: | 2021-12-29 | ||||||||||||
Updated: | 2022-10-06 | ||||||||||||
Summary: | A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel. | ||||||||||||
CVSS v3 Severity: | 4.4 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N) 3.9 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
3.9 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:N/A:N)
| ||||||||||||
Vulnerability Type: | CWE-Other | ||||||||||||
Vulnerability Consequences: | Obtain Information | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2021-4159 Source: MISC Type: Third Party Advisory https://access.redhat.com/security/cve/CVE-2021-4159 Source: CCN Type: Red Hat Bugzilla - Bug 2036024 CVE-2021-4159 kernel: another kernel ptr leak vulnerability via BPF in coerce_reg_to_size Source: MISC Type: Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=2036024 Source: XF Type: UNKNOWN linux-kernel-cve20214159-info-disc(234277) Source: MISC Type: Mailing List, Patch, Vendor Advisory https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=294f2fc6da27620a506e6c050241655459ccd6bd Source: MLIST Type: Mailing List, Third Party Advisory [debian-lts-announce] 20221002 [SECURITY] [DLA 3131-1] linux security update Source: MISC Type: Third Party Advisory https://security-tracker.debian.org/tracker/CVE-2021-4159 Source: CCN Type: Linux Kernel Web site The Linux Kernel Archives Source: CCN Type: Mend Vulnerability Database CVE-2021-4159 | ||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration 3: Configuration CCN 1: ![]() | ||||||||||||
Oval Definitions | |||||||||||||
| |||||||||||||
BACK |