CVE-2021-4159
MEDIUM
Linux Kernel < 5.7 - Exposure of Sensitive Information via eBPF Verifier
Title source: llm
Description
A vulnerability was found in the Linux kernel's eBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with permission to insert eBPF code into the kernel can use this to leak internal kernel memory details, defeating some of the exploit mitigations in place for the kernel.
References (5)
Core References
Issue Tracking x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=2036024
Third Party Advisory x_refsource_misc
https://access.redhat.com/security/cve/CVE-2021-4159
Third Party Advisory x_refsource_misc
https://security-tracker.debian.org/tracker/CVE-2021-4159
Mailing List, Patch, Vendor Advisory x_refsource_misc
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=294f2fc6da27620a506e6c050241655459ccd6bd
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html
Scores
CVSS v3
4.4
EPSS
0.0007
EPSS Percentile
21.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-202
Status
published
Products (3)
debian/debian_linux
10.0
linux/linux_kernel
< 5.7
redhat/enterprise_linux
8.0
Published
Aug 24, 2022
Tracked Since
Feb 18, 2026