CVE-2021-4002: Incomplete Cleanup in Kernel

Severity
4.4 MEDIUM (NVD)
OSV 7.8, OSV 6.5, OSV 4.7, OSV 4.1
EPSS
0.0%
top 94.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Mar 3
Latest update: Feb 14

Description

A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Exploitability: 1.8 | Impact: 2.5

Affected Packages (11 packages)

NVD: linux/linux_kernel < 5.16 (+1)
Debian: linux/linux_kernel < 5.10.84-1 (+3)
Ubuntu: linux/linux_kernel < 4.15.0-166.174 (+5)
CVEListV5: linux/linux_kernel, affects kernel v3.6 and later through v5.15.5.
debian: debian/linux < linux 5.15.5-1 (bookworm)

Also affects: Debian Linux 10.0, 9.0, Fedora 35

🔴 Vulnerability Details (9)
GHSA
GHSA-7jmv-5cqq-75jg: A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which a (2022-03-04)
OSV
CVE-2021-4002: A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which a (2022-03-03)
OSV
linux, linux-gcp, linux-gcp-5.4, linux-hwe-5.4 regression (2022-01-12)
OSV
linux-oem-5.13 vulnerabilities (2022-01-11)
OSV
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-kvm, l (2022-01-06)

📋 Vendor Advisories (13)
Palo Alto
PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS (2024-02-14)
Microsoft
A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some (2022-03-08)
Ubuntu
Linux kernel regression (2022-01-12)
Ubuntu
Linux kernel (OEM) vulnerabilities (2022-01-11)
Ubuntu
Linux kernel vulnerabilities (2022-01-06)