CVE-2021-4204

HIGH

Linux kernel - Memory Corruption

Title source: llm

Description

An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to an Improper Input Validation. This flaw allows a local attacker with a special privilege to crash the system or leak internal information.

Exploits (1)

inthewild WORKING POC

poc

https://github.com/tr3ee/cve-2021-4204

View Code ZIP pw:eip

References (5)

[Mitigation, Third Party Advisory] https://access.redhat.com/security/cve/CVE-2021-4204

[Issue Tracking, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=2039178

[Third Party Advisory] https://security-tracker.debian.org/tracker/CVE-2021-4204

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20221228-0003/

[Mailing List, Patch, Third Party Advisory] https://www.openwall.com/lists/oss-security/2022/01/11/4

Scores

CVSS v3 7.1

EPSS 0.0077

EPSS Percentile 73.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Details

CWE

CWE-119 CWE-20

Status published

Products (9)

debian/debian_linux 11.0

linux/linux_kernel 5.8.0

linux/linux_kernel < 5.8.0

netapp/h300s_firmware

netapp/h410c_firmware

netapp/h410s_firmware

netapp/h500s_firmware

netapp/h700s_firmware

redhat/enterprise_linux 9.0

Published Aug 24, 2022

Tracked Since Feb 18, 2026