CVE-2021-4002
MEDIUMLinux Kernel < 5.16 - Use-After-Free in hugetlbfs Memory Mapping
Title source: llmDescription
A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data.
References (8)
Core 8
Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=2025726
Exploit, Mailing List, Third Party Advisory x_refsource_misc
https://www.openwall.com/lists/oss-security/2021/11/25/1
Patch, Vendor Advisory x_refsource_misc
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=13e4ad2ce8df6e058ef482a31fdd81c725b0f7ea
Patch, Vendor Advisory x_refsource_misc
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a4a118f2eead1d6c49e00765de89878288d4b890
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2022/dsa-5096
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpujul2022.html
Scores
CVSS v3
4.4
EPSS
0.0052
EPSS Percentile
39.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Details
CWE
CWE-401
CWE-459
Status
published
Products (8)
debian/debian_linux
9.0
debian/debian_linux
10.0
fedoraproject/fedora
35
linux/linux_kernel
5.16 (3 CPE variants)
linux/linux_kernel
< 5.16
oracle/communications_cloud_native_core_binding_support_function
22.1.3
oracle/communications_cloud_native_core_network_exposure_function
22.1.1
oracle/communications_cloud_native_core_policy
22.2.0
Published
Mar 03, 2022
Tracked Since
Feb 18, 2026