CVE-2021-4002 — Incomplete Cleanup in Kernel
Severity
4.4MEDIUMNVD
OSV7.8OSV6.5OSV4.7OSV4.1
EPSS
0.0%
top 94.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 3
Latest updateFeb 14
Description
A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 1.8 | Impact: 2.5
Affected Packages11 packages
Also affects: Debian Linux 10.0, 9.0, Fedora 35
Patches
🔴Vulnerability Details
9GHSA▶
GHSA-7jmv-5cqq-75jg: A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which a↗2022-03-04
OSV▶
CVE-2021-4002: A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which a↗2022-03-03
OSV▶
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-kvm, l↗2022-01-06
📋Vendor Advisories
13Microsoft▶
A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some↗2022-03-08