CVE-2021-4002

A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data.

CVSS v3.0 4.4 MEDIUM
CVSS v2.0 3.6 LOW

4.4^/10

CVSS v3.0 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 2.5

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

3.6^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 3.9 / Impact : 4.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=13e4ad2ce8df6e058ef482a31fdd81c725b0f7ea	Patch Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a4a118f2eead1d6c49e00765de89878288d4b890	Patch Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2025726	Issue Tracking Third Party Advisory
https://www.openwall.com/lists/oss-security/2021/11/25/1	Exploit Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html	Mailing List Third Party Advisory
https://www.debian.org/security/2022/dsa-5096	Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel:5.16:rc2::::::
	cpe:2.3:o:linux:linux_kernel:5.16:rc1::::::
	cpe:2.3:o:linux:linux_kernel:5.16:-::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Configuration 2 (hide)

OR	cpe:2.3:o:debian:debian_linux:9.0:::::::*
	cpe:2.3:o:debian:debian_linux:10.0:::::::*

Configuration 3 (hide)

cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

Information

Published : 2022-03-03 22:15

Updated : 2022-07-25 18:18

NVD link : CVE-2021-4002

Mitre link : CVE-2021-4002

JSON object : View

Products Affected

fedoraproject

fedora

linux

linux_kernel

debian

debian_linux

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=13e4ad2ce8df6e058ef482a31fdd81c725b0f7ea", "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=13e4ad2ce8df6e058ef482a31fdd81c725b0f7ea", "tags": ["Patch", "Vendor Advisory"], "refsource": "MISC"}, {"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a4a118f2eead1d6c49e00765de89878288d4b890", "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a4a118f2eead1d6c49e00765de89878288d4b890", "tags": ["Patch", "Vendor Advisory"], "refsource": "MISC"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025726", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2025726", "tags": ["Issue Tracking", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://www.openwall.com/lists/oss-security/2021/11/25/1", "name": "https://www.openwall.com/lists/oss-security/2021/11/25/1", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html", "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html", "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2940-1] linux security update", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://www.debian.org/security/2022/dsa-5096", "name": "DSA-5096", "tags": ["Third Party Advisory"], "refsource": "DEBIAN"}, {"url": "https://www.oracle.com/security-alerts/cpujul2022.html", "name": "N/A", "tags": [], "refsource": "N/A"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-401"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-4002", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 3.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "LOW", "acInsufInfo": false, "impactScore": 4.9, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 1.8}}, "publishedDate": "2022-03-03T22:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:5.16:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:5.16:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:5.16:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "5.16"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-07-25T18:18Z"}