CVE-2021-4204Improper Input Validation in Kernel

CWE-20Improper Input ValidationCWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-787Out-of-bounds Write11 documents7 sources
Severity
7.1HIGHNVD
OSV4.7
EPSS
0.8%
top 26.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Linux KernelDebian LinuxRedhat Enterprise Linux
Timeline
PublishedAug 24
Latest updateAug 25

Description

An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to an Improper Input Validation. This flaw allows a local attacker with a special privilege to crash the system or leak internal information.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages3 packages

NVDlinux/linux_kernel< 5.8.0+1
Debianlinux/linux_kernel< 5.17.3-1+2
CVEListV5linux/linux_kernelAffects Linux kernel v5.8 or later

Also affects: Debian Linux 11.0, Enterprise Linux 9.0

Patches

Patch: www.openwall.comPatch: www.openwall.com

🔴Vulnerability Details

5
GHSA
GHSA-5gx9-gr87-492v: An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to an Improper Input Validation2022-08-25
OSV
CVE-2021-4204: An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to an Improper Input Validation2022-08-24
CVEList
CVE-2021-4204: An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to an Improper Input Validation2022-08-24
OSV
linux-oem-5.13 vulnerabilities2022-01-11
OSV
linux-oem-5.14 vulnerabilities2022-01-11

📋Vendor Advisories

5
Ubuntu
Linux kernel (OEM) vulnerabilities2022-01-11
Red Hat
kernel: improper input validation may lead to privilege escalation2022-01-11
Ubuntu
Linux kernel (OEM) vulnerabilities2022-01-11
Ubuntu
Linux kernel vulnerability2022-01-11
Debian
CVE-2021-4204: linux - An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF d...2021
CVE-2021-4204 — Improper Input Validation in Kernel | cvebase