Lucene search

K
osvGoogleOSV:CVE-2021-20194
HistoryFeb 23, 2021 - 11:15 p.m.

CVE-2021-20194

2021-02-2323:15:13
Google
osv.dev
16
linux kernel
vulnerability
heap overflow
privilege escalation

AI Score

7

Confidence

High

EPSS

0

Percentile

5.1%

There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). As result of BPF execution, the local user can trigger bug in __cgroup_bpf_run_filter_getsockopt() function that can lead to heap overflow (because of non-hardened usercopy). The impact of attack could be deny of service or possibly privileges escalation.