CVE-2021-4135Sensitive Information Exposure in Kernel

CWE-200Sensitive Information ExposureCWE-401Missing Release of Memory after Effective Lifetime15 documents6 sources
Severity
5.5MEDIUMNVD
OSV6.5OSV4.7
EPSS
0.0%
top 86.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Linux KernelDebian LinuxMsrc Cbl2 Kernel 5.15.67.1-4 ON CBL Mariner 2.0+1 more
Timeline
PublishedJul 14

Description

A memory leak vulnerability was found in the Linux kernel's eBPF for the Simulated networking device driver in the way user uses BPF for the device such that function nsim_map_alloc_elem being called. A local user could use this flaw to get unauthorized access to some data.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages7 packages

NVDlinux/linux_kernel< 5.16+1
Debianlinux/linux_kernel< 5.10.92-1+3
Ubuntulinux/linux_kernel< 5.4.0-105.119
CVEListV5linux/linux_kernelLinux kernel versions prior to 5.16-rc6
debiandebian/linux< linux 5.15.15-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

6
OSV
CVE-2021-4135: A memory leak vulnerability was found in the Linux kernel's eBPF for the Simulated networking device driver in the way user uses BPF for the device su2022-07-14
OSV
linux-bluefield vulnerabilities2022-04-13
OSV
linux-azure-5.13, linux-oracle-5.13 vulnerabilities2022-04-06
OSV
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-azure-fde, linux-gcp, linux-gcp-5.4, linux-gke, lnux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.42022-03-22
OSV
linux, linux-aws, linux-aws-5.13, linux-gcp, linux-gcp-5.13, linux-hwe-5.13, linux-kvm, linux-oracle, linux-raspi vulnerabilities2022-03-22

📋Vendor Advisories

8
Microsoft
A memory leak vulnerability was found in the Linux kernel's eBPF for the Simulated networking device driver in the way user uses BPF for the device such that function nsim_map_alloc_elem being called.2022-07-12
Ubuntu
Linux kernel (BlueField) vulnerabilities2022-04-13
Ubuntu
Linux kernel vulnerabilities2022-04-06
Ubuntu
Linux kernel vulnerabilities2022-03-22
Ubuntu
Linux kernel vulnerabilities2022-03-22