CVE-2021-4083Use After Free in Kernel

CWE-416Use After FreeCWE-362Race Condition31 documents11 sources
Severity
7.0HIGHNVD
OSV7.8OSV6.5OSV5.3OSV4.7
EPSS
0.0%
top 98.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Linux KernelDebian LinuxDebian Linux+6 more
Timeline
PublishedJan 18
Latest updateFeb 14

Description

A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system. This flaw affects Linux kernel versions prior to 5.16-rc4.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages11 packages

NVDlinux/linux_kernel4.54.9.292+7
Debianlinux/linux_kernel< 5.10.84-1+3
Ubuntulinux/linux_kernel< 4.15.0-169.177+2
CVEListV5linux/linux_kernelkernel 5.16-rc4
debiandebian/linux< linux 5.15.5-2 (bookworm)

Also affects: Debian Linux 10.0, 9.0

Patches

Patch: bugzilla.redhat.comPatch: git.kernel.orgPatch: www.oracle.com

🔴Vulnerability Details

16
OSV
CVE-2021-4083: In fget() of file2022-09-01
Project0
The quantum state of Linux kernel garbage collection CVE-2021-0920 (Part I) - Project Zero2022-08-01
OSV
CVE-2021-4083: In fget() of multiple locations, there is a possible read after free due to a race condition2022-05-01
OSV
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities2022-04-01
OSV
linux-intel-5.13 vulnerabilities2022-04-01

📋Vendor Advisories

14
Palo Alto
PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS2024-02-14
Android
CVE-2021-4083: Kernel2022-09-01
Ubuntu
Linux kernel (Intel IOTG) vulnerabilities2022-04-01
Ubuntu
Linux kernel vulnerabilities2022-04-01
Ubuntu
Linux kernel vulnerabilities2022-02-22