History: Feb 04, 2022 - 10:29 p.m.

CVE-2021-4154

2022-02-04 22:29:17
CWE-416
redhat
www.cve.org
10
cve-2021-4154
use-after-free
cgroup-v1 parser
privilege escalation
fsconfig syscall
container breakout
denial of service

AI Score: 8.5 (Confidence: High)

EPSS: 0 (Percentile: 5.1%)

A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel’s cgroup v1 parser. A local attacker with user privileges could escalate privileges by exploiting the fsconfig syscall parameter, leading to a container breakout and a denial of service on the system.

CNA Affected

[
  {
    "product": "kernel",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Fixed in kernel 5.14 rc2"
      }
    ]
  }
]