4.4

CVE-2021-4159

A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 5.7
RedhatEnterprise Linux Version8.0
DebianDebian Linux Version10.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.24% 0.143
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.4 0.8 3.6
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CWE-202 Exposure of Sensitive Information Through Data Queries

When trying to keep information confidential, an attacker can often infer some of the information by using statistics.

https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html
Third Party Advisory
Mailing List
https://access.redhat.com/security/cve/CVE-2021-4159
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2036024
Issue Tracking
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=294f2fc6da27620a506e6c050241655459ccd6bd
Patch
Vendor Advisory
Mailing List
https://security-tracker.debian.org/tracker/CVE-2021-4159
Third Party Advisory