CVE-2021-4159Exposure of Sensitive Information Through Data Queries in Kernel

CWE-202Exposure of Sensitive Information Through Data QueriesCWE-497Exposure of Sensitive System Information to an Unauthorized Control Sphere16 documents7 sources
Severity
4.4MEDIUMNVD
EPSS
0.1%
top 80.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Linux KernelDebian LinuxRedhat Enterprise Linux
Timeline
PublishedAug 24
Latest updateJan 6

Description

A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages4 packages

Debianlinux/linux_kernel< 5.7.6-1+3
Ubuntulinux/linux_kernel< 4.15.0-201.212+1
CVEListV5linux/linux_kernelFixed in v5.7-rc1

Also affects: Debian Linux 10.0, Enterprise Linux 8.0

Patches

Patch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

8
OSV
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities2023-01-06
OSV
linux-azure-fde vulnerabilities2022-10-27
OSV
linux-aws-5.4 vulnerabilities2022-10-14
OSV
linux-gcp, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities2022-10-13
OSV
linux, linux-aws, linux-bluefield, linux-gke, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle vulnerabilities2022-10-10

📋Vendor Advisories

7
Ubuntu
Linux kernel vulnerabilities2023-01-06
Ubuntu
Linux kernel (Azure CVM) vulnerabilities2022-10-27
Ubuntu
Linux kernel (AWS) vulnerabilities2022-10-14
Ubuntu
Linux kernel vulnerabilities2022-10-13
Ubuntu
Linux kernel vulnerabilities2022-10-10
CVE-2021-4159 — Linux Kernel vulnerability | cvebase