CVE-2021-43057 — Use After Free in Kernel

CWE-416 — Use After Free8 documents7 sources

Severity

7.8HIGHNVD

OSV3.3

EPSS

0.1%

top 64.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Msrc Cbl2 Kernel 5.15.2.1-1 ON CBL Mariner 2.0 +1 more

Timeline

PublishedOct 28

Latest updateMay 24

Description

An issue was discovered in the Linux kernel before 5.14.8. A use-after-free in selinux_ptrace_traceme (aka the SELinux handler for PTRACE_TRACEME) could be used by local attackers to cause memory corruption and escalate privileges, aka CID-a3727a8bac0a. This occurs because of an attempt to access the subjective credentials of another task.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

▶NVDlinux/linux_kernel5.13 — 5.14.8

▶Debianlinux/linux_kernel< 5.14.9-1+2

▶debiandebian/linux< linux 5.14.9-1 (bookworm)

▶msrcmsrc/cbl2_kernel_5.15.2.1-1_on_cbl_mariner_2.0

▶msrcmsrc/cm1_kernel_5.10.78.1-2_on_cbl_mariner_1.0

Patches

Patch: bugs.chromium.org ↗Patch: cdn.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

GHSA

GHSA-h3xq-35q6-gh9g: An issue was discovered in the Linux kernel before 5↗2022-05-24

▶

OSV

linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem-5.13, linux-oracle, linux-raspi vulnerabilities↗2021-11-30

▶

OSV

CVE-2021-43057: An issue was discovered in the Linux kernel before 5↗2021-10-28

▶

📋Vendor Advisories

Ubuntu

Linux kernel vulnerabilities↗2021-11-30

▶

Microsoft

▶

Red Hat

kernel: use-after-free in the SELinux handler for PTRACE_TRACEME↗2021-09-23

▶

Debian

CVE-2021-43057: linux - An issue was discovered in the Linux kernel before 5.14.8. A use-after-free in s...↗2021

▶