CVE-2021-4002

MEDIUM

Linux kernel - Memory Corruption

Title source: llm

Description

A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data.

References (8)

[Issue Tracking, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=2025726

[Exploit, Mailing List, Third Party Advisory] https://www.openwall.com/lists/oss-security/2021/11/25/1

[Patch, Vendor Advisory] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=13e4ad2ce8df6e058ef482a31fdd81c725b0f7ea

[Patch, Vendor Advisory] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a4a118f2eead1d6c49e00765de89878288d4b890

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html

[Third Party Advisory] https://www.debian.org/security/2022/dsa-5096

[Patch, Third Party Advisory] https://www.oracle.com/security-alerts/cpujul2022.html

Scores

CVSS v3 4.4

EPSS 0.0002

EPSS Percentile 5.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Details

CWE

CWE-401 CWE-459

Status published

Products (8)

debian/debian_linux 9.0

debian/debian_linux 10.0

fedoraproject/fedora 35

linux/linux_kernel 5.16 (3 CPE variants)

linux/linux_kernel < 5.16

oracle/communications_cloud_native_core_binding_support_function 22.1.3

oracle/communications_cloud_native_core_network_exposure_function 22.1.1

oracle/communications_cloud_native_core_policy 22.2.0

Published Mar 03, 2022

Tracked Since Feb 18, 2026