CVE-2021-4002

MEDIUM

Linux kernel - Memory Corruption

Title source: llm

Description

A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data.

References (8)

[Issue Tracking, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=2025726

[Patch, Vendor Advisory] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=13e4ad2ce8df6e058ef482a31fdd81c725b0f7ea

[Patch, Vendor Advisory] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a4a118f2eead1d6c49e00765de89878288d4b890

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html

[Third Party Advisory] https://www.debian.org/security/2022/dsa-5096

[Exploit, Mailing List, Third Party Advisory] https://www.openwall.com/lists/oss-security/2021/11/25/1

[Patch, Third Party Advisory] https://www.oracle.com/security-alerts/cpujul2022.html

Scores

CVSS v3 4.4

EPSS 0.0002

EPSS Percentile 3.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Classification

CWE

CWE-401 CWE-459

Status published

Affected Products (10)

linux/linux_kernel < 5.16

linux/linux_kernel

linux/linux_kernel

linux/linux_kernel

debian/debian_linux

debian/debian_linux

fedoraproject/fedora

oracle/communications_cloud_native_core_binding_support_function

oracle/communications_cloud_native_core_network_exposure_function

oracle/communications_cloud_native_core_policy

Timeline

Published Mar 03, 2022

Tracked Since Feb 18, 2026