CVE-2021-20239 — Untrusted Pointer Dereference in Kernel
Severity
NVD: 3.3 LOW
OSV: 6.7
EPSS
0.1%
top 75.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: May 28
Latest update: Feb 14
Description
A flaw was found in the Linux kernel in versions before 5.4.92 in the BPF protocol. This flaw allows an attacker with a local account to leak information about kernel internal addresses. The highest threat from this vulnerability is to confidentiality.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 1.8 | Impact: 1.4
Affected Packages: 6 packages
Also affects: Enterprise Linux 5.0, 6.0, 8.0, Fedora 33
Vulnerability Details: 4
OSV (2021-04-13): linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.8, linux-kvm, linux-oracle, linux-raspi vulnerabilities
OSV (2021-03-16): linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-ra
Vendor Advisories: 5
Red Hat
Debian (2021): CVE-2021-20239: linux - A flaw was found in the Linux kernel in versions before 5.4.92 in the BPF protoc...