Lucene search

[email protected]CVE-2021-4203

HistoryMar 25, 2022 - 7:15 p.m.

CVE-2021-4203

2022-03-2519:15:00

CWE-362

[email protected]

web.nvd.nist.gov

230

cve-2021-4203

nvd

use-after-free

sock_getsockopt

net/core/sock.c

linux kernel

security vulnerability

so_peercred

so_peergroups

race condition

privilege escalation.

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H

6.6 Medium

AI Score

Confidence

High

4.9 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:N/A:P

0.002 Low

EPSS

Percentile

52.4%

JSON

A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information.

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::

References

bugs.chromium.org/p/project-zero/issues/detail?id=2230&can=7&q=modified-after%3Atoday-30&sort=-modified&colspec=ID%20Type%20Status%20Priority%20Milestone%20Owner%20Summary%20Modified%20Cve&cells=tiles&redir=1

bugzilla.redhat.com/show_bug.cgi?id=2036934

git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=35306eb23814

lore.kernel.org/netdev/20210929225750.2548112-1-eric.dumazet%40gmail.com/T/

security.netapp.com/advisory/ntap-20221111-0003/

www.oracle.com/security-alerts/cpujul2022.html