CVE-2021-4157

EPSS 0.05%
Published 25.03.2022 19:15:09
Last modified 21.11.2024 06:37:01
Source secalert@redhat.com
Teams watchlist Login
Open Login

An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system.

Affected products Warnungen 0 Metrics 3 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 4.0 < 4.4.269

Linux ≫ Linux Kernel Version >= 4.5 < 4.9.269

Linux ≫ Linux Kernel Version >= 4.10 < 4.14.233

Linux ≫ Linux Kernel Version >= 4.15 < 4.19.191

Linux ≫ Linux Kernel Version >= 4.20 < 5.4.120

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.38

Linux ≫ Linux Kernel Version >= 5.11 < 5.11.22

Linux ≫ Linux Kernel Version >= 5.12 < 5.12.5

Fedoraproject ≫ Fedora Version35

Netapp ≫ H300e Firmware Version-

Netapp ≫ H300e Version-

Netapp ≫ H300s Firmware Version-

Netapp ≫ H300s Version-

Netapp ≫ H500e Firmware Version-

Netapp ≫ H500e Version-

Netapp ≫ H500s Firmware Version-

Netapp ≫ H500s Version-

Netapp ≫ H700e Firmware Version-

Netapp ≫ H700e Version-

Netapp ≫ H700s Firmware Version-

Netapp ≫ H700s Version-

Netapp ≫ H410s Firmware Version-

Netapp ≫ H410s Version-

Oracle ≫ Communications Cloud Native Core Binding Support Function Version22.1.1

Oracle ≫ Communications Cloud Native Core Binding Support Function Version22.1.3

Oracle ≫ Communications Cloud Native Core Binding Support Function Version22.2.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.151

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8	2.1	5.9	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.4	4.4	10	AV:A/AC:M/Au:S/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

https://www.oracle.com/security-alerts/cpujul2022.html

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2034342

Third Party Advisory

Issue Tracking

https://lore.kernel.org/lkml/20210517140244.822185482%40linuxfoundation.org/

https://security.netapp.com/advisory/ntap-20220602-0007/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-4157

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-4157

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-4157

EUVD