4.4

CVE-2021-4002

Exploit
A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 5.16
LinuxLinux Kernel Version5.16 Update-
LinuxLinux Kernel Version5.16 Updaterc1
LinuxLinux Kernel Version5.16 Updaterc2
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
FedoraprojectFedora Version35
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.52% 0.401
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.4 1.8 2.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
nvd@nist.gov 3.6 3.9 4.9
AV:L/AC:L/Au:N/C:P/I:P/A:N
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

CWE-459 Incomplete Cleanup

The product does not properly "clean up" and remove temporary or supporting resources after they have been used.

https://www.oracle.com/security-alerts/cpujul2022.html
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
Third Party Advisory
Mailing List
https://www.debian.org/security/2022/dsa-5096
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html
Third Party Advisory
Mailing List
https://bugzilla.redhat.com/show_bug.cgi?id=2025726
Third Party Advisory
Issue Tracking
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=13e4ad2ce8df6e058ef482a31fdd81c725b0f7ea
Patch
Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a4a118f2eead1d6c49e00765de89878288d4b890
Patch
Vendor Advisory
https://www.openwall.com/lists/oss-security/2021/11/25/1
Third Party Advisory
Exploit
Mailing List