4.4
CVE-2021-4002
- EPSS 0.02%
- Published 03.03.2022 22:15:08
- Last modified 21.11.2024 06:36:42
- Source secalert@redhat.com
A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data.
Data is provided by the National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version < 5.16
Linux ≫ Linux Kernel Version 5.16 Update -
Linux ≫ Linux Kernel Version 5.16 Update rc1
Linux ≫ Linux Kernel Version 5.16 Update rc2
Debian ≫ Debian Linux Version 9.0
Debian ≫ Debian Linux Version 10.0
Fedoraproject ≫ Fedora Version 35
Oracle ≫ Communications Cloud Native Core Binding Support Function Version 22.1.3
Oracle ≫ Communications Cloud Native Core Network Exposure Function Version 22.1.1
Oracle ≫ Communications Cloud Native Core Policy Version 22.2.0
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.02% | 0.025 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 4.4 | 1.8 | 2.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
nvd@nist.gov | 3.6 | 3.9 | 4.9 | AV:L/AC:L/Au:N/C:P/I:P/A:N |
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.
CWE-459 Incomplete Cleanup
The product does not properly "clean up" and remove temporary or supporting resources after they have been used.