CVE-2021-4154

CWE-416 — Use After Free9 documents8 sources

Severity

8.8HIGH

EPSS

0.8%

top 25.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Netapp HCI Baseboard Management Controller Redhat Enterprise Linux +1 more

Timeline

PublishedFeb 4

Latest updateJun 1

Description

A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages6 packages

▶Android:linux_kernel::0 — :2022-06-05

▶NVDlinux/linux_kernel5.1 — 5.4.134+4

▶CVEListV5kernelFixed in kernel 5.14 rc2

▶Debianlinux< 5.10.70-1+3

▶NVDredhat/virtualization4.0

Also affects: Enterprise Linux 8.0

Patches

Patch: bugzilla.redhat.com ↗Patch: git.kernel.org ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

OSV

CVE-2021-4154: In cgroup1_parse_param of cgroup-v1↗2022-06-01

▶

GHSA

GHSA-qvm5-4fh7-hcfx: A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1↗2022-02-11

▶

OSV

CVE-2021-4154: A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1↗2022-02-04

▶

CVEList

CVE-2021-4154: A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1↗2022-02-04

▶

📋Vendor Advisories

Android

CVE-2021-4154: Kernel↗2022-06-01

▶

Microsoft

▶

Red Hat

kernel: local privilege escalation by exploiting the fsconfig syscall parameter leads to container breakout↗2021-12-14

▶

Debian

CVE-2021-4154: linux - A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v...↗2021

▶