CVE-2021-4204

2022-01-12T23:22:23

Description

An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to an Improper Input Validation. This flaw allows a local attacker with a special privilege to crash the system or leak internal information. #### Mitigation The default Red Hat Enterprise Linux kernel prevents unprivileged users from being able to use eBPF by the kernel.unprivileged_bpf_disabled sysctl. This would require a privileged user with CAP_SYS_ADMIN or root to be able to abuse this flaw reducing its attack space. For the Red Hat Enterprise Linux 7 the eBPF for unprivileged users is always disabled. For the Red Hat Enterprise Linux 8 to confirm the current state, inspect the sysctl with the command: # cat /proc/sys/kernel/unprivileged_bpf_disabled The setting of 1 would mean that unprivileged users can not use eBPF, mitigating the flaw. A kernel update will be required to mitigate the flaw for the root or users with CAP_SYS_ADMIN capabilities.

{"debiancve": [{"lastseen": "2022-06-23T06:00:21", "description": "eBPF Improper Input Validation Vulnerability", "cvss3": {}, "published": "2022-02-25T12:55:40", "type": "debiancve", "title": "CVE-2021-4204", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-4204"], "modified": "2022-02-25T12:55:40", "id": "DEBIANCVE:CVE-2021-4204", "href": "https://security-tracker.debian.org/tracker/CVE-2021-4204", "cvss": {"score": 0.0, "vector": "NONE"}}], "ubuntu": [{"lastseen": "2022-01-27T03:30:39", "description": "It was discovered that the eBPF implementation in the Linux kernel did \nnot properly validate the memory size of certain ring buffer operation \narguments. A local attacker could use this to cause a denial of service \n(system crash) or possibly execute arbitrary code.\n", "cvss3": {}, "published": "2022-01-11T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerability", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2021-4204"], "modified": "2022-01-11T00:00:00", "id": "USN-5219-1", "href": "https://ubuntu.com/security/notices/USN-5219-1", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-03-01T05:46:27", "description": "It was discovered that the NFS server implementation in the Linux kernel \ncontained an out-of-bounds write vulnerability. A local attacker could use \nthis to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2021-4090)\n\nIt was discovered that the eBPF implementation in the Linux kernel did \nnot properly validate the memory size of certain ring buffer operation \narguments. A local attacker could use this to cause a denial of service \n(system crash) or possibly execute arbitrary code. (CVE-2021-4204)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-01-11T00:00:00", "type": "ubuntu", "title": "Linux kernel (OEM) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "COMPLETE", "baseScore": 6.6, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 9.2, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4204", "CVE-2021-4090"], "modified": "2022-01-11T00:00:00", "id": "USN-5217-1", "href": "https://ubuntu.com/security/notices/USN-5217-1", "cvss": {"score": 6.6, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:N"}}, {"lastseen": "2022-01-12T01:27:48", "description": "Nadav Amit discovered that the hugetlb implementation in the Linux kernel \ndid not perform TLB flushes under certain conditions. A local attacker \ncould use this to leak or alter data from other processes that use huge \npages. (CVE-2021-4002)\n\nIt was discovered that the eBPF implementation in the Linux kernel did \nnot properly validate the memory size of certain ring buffer operation \narguments. A local attacker could use this to cause a denial of service \n(system crash) or possibly execute arbitrary code. (CVE-2021-4204)\n\nIt was discovered that a race condition existed in the overlay file system \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (system crash). (CVE-2021-20321)\n\nIt was discovered that the NFC subsystem in the Linux kernel contained a \nuse-after-free vulnerability in its NFC Controller Interface (NCI) \nimplementation. A local attacker could possibly use this to cause a denial \nof service (system crash) or execute arbitrary code. (CVE-2021-3760)\n\nIt was discovered that an integer overflow could be triggered in the eBPF \nimplementation in the Linux kernel when preallocating objects for stack \nmaps. A privileged local attacker could use this to cause a denial of \nservice or possibly execute arbitrary code. (CVE-2021-41864)\n\nIt was discovered that the KVM implementation for POWER8 processors in the \nLinux kernel did not properly keep track if a wakeup event could be \nresolved by a guest. An attacker in a guest VM could possibly use this to \ncause a denial of service (host OS crash). (CVE-2021-43056)\n\nIt was discovered that the TIPC Protocol implementation in the Linux kernel \ndid not properly validate MSG_CRYPTO messages in some situations. An \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2021-43267)\n\nIt was discovered that the ISDN CAPI implementation in the Linux kernel \ncontained a race condition in certain situations that could trigger an \narray out-of-bounds bug. A privileged local attacker could possibly use \nthis to cause a denial of service or execute arbitrary code. \n(CVE-2021-43389)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2022-01-11T00:00:00", "type": "ubuntu", "title": "Linux kernel (OEM) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4204", "CVE-2021-20321", "CVE-2021-43389", "CVE-2021-43056", "CVE-2021-41864", "CVE-2021-3760", "CVE-2021-43267", "CVE-2021-4002"], "modified": "2022-01-11T00:00:00", "id": "USN-5218-1", "href": "https://ubuntu.com/security/notices/USN-5218-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2022-02-18T11:27:53", "description": "[tr3e wang discovered that an OOB write existed in the eBPF subsystem in\n the Linux kernel on BPF_RINGBUF.]\n\n#### Bugs\n\n * <https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1956585>\n", "cvss3": {}, "published": "2022-01-11T00:00:00", "type": "ubuntucve", "title": "CVE-2021-4204", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-4204"], "modified": "2022-01-11T00:00:00", "id": "UB:CVE-2021-4204", "href": "https://ubuntu.com/security/CVE-2021-4204", "cvss": {"score": 0.0, "vector": "NONE"}}], "fedora": [{"lastseen": "2022-04-25T00:20:57", "description": "This package contains the tools/ directory from the kernel source and the supporting documentation. ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-24T20:06:28", "type": "fedora", "title": "[SECURITY] Fedora 35 Update: kernel-tools-5.17.4-200.fc35", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4095", "CVE-2021-4204", "CVE-2022-1204"], "modified": "2022-04-24T20:06:28", "id": "FEDORA:0596E3082C37", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OFMUI3QTE6G34JAK3GAJDZGPOJUOSCRT/", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-04-25T00:20:57", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-24T19:43:07", "type": "fedora", "title": "[SECURITY] Fedora 34 Update: kernel-5.17.4-100.fc34", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4095", "CVE-2021-4204", "CVE-2022-1204"], "modified": "2022-04-24T19:43:07", "id": "FEDORA:664613166567", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/G4QKJ324ANHABMHKFCTYDSCT35YVX4XK/", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-04-25T00:20:57", "description": "This package contains the tools/ directory from the kernel source and the supporting documentation. ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-24T19:43:07", "type": "fedora", "title": "[SECURITY] Fedora 34 Update: kernel-tools-5.17.4-100.fc34", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4095", "CVE-2021-4204", "CVE-2022-1204"], "modified": "2022-04-24T19:43:07", "id": "FEDORA:C50BF316656B", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QIOQN7JJNN6ABIDGRSTVZA65MHRLMH2Q/", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-04-25T00:20:57", "description": "Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package. ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-24T19:43:07", "type": "fedora", "title": "[SECURITY] Fedora 34 Update: kernel-headers-5.17.4-100.fc34", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4095", "CVE-2021-4204", "CVE-2022-1204"], "modified": "2022-04-24T19:43:07", "id": "FEDORA:AC4DF316656A", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2Y5SY3PDEN3224RZH5JDDFN7VBTKBAVI/", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-04-25T00:20:57", "description": "Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package. ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-24T20:06:27", "type": "fedora", "title": "[SECURITY] Fedora 35 Update: kernel-headers-5.17.4-200.fc35", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4095", "CVE-2021-4204", "CVE-2022-1204"], "modified": "2022-04-24T20:06:27", "id": "FEDORA:DA7083082C36", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IEMABVUMRYD6MRPSVZSSZ3NRGRR2RK65/", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-04-25T00:20:57", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-24T20:06:27", "type": "fedora", "title": "[SECURITY] Fedora 35 Update: kernel-5.17.4-200.fc35", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4095", "CVE-2021-4204", "CVE-2022-1204"], "modified": "2022-04-24T20:06:27", "id": "FEDORA:36BBF3082C35", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VT6573CGKVK3DU2632VVO5BVM4IU7SBV/", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P"}}], "photon": [{"lastseen": "2022-05-12T18:39:35", "description": "Updates of ['linux-esx', 'linux-rt', 'linux', 'linux-secure', 'linux-aws'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-08T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2022-0351", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4155", "CVE-2021-4204", "CVE-2022-23222"], "modified": "2022-01-08T00:00:00", "id": "PHSA-2022-0351", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-351", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-12T17:53:51", "description": "Updates of ['linux-esx', 'linux'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-29T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2021-0461", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4155", "CVE-2021-4204", "CVE-2022-23222"], "modified": "2021-11-29T00:00:00", "id": "PHSA-2021-0461", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-461", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-12T18:12:22", "description": "Updates of ['linux-esx', 'linux', 'linux-secure', 'linux-aws'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-10T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2022-0429", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-25020", "CVE-2021-39685", "CVE-2021-4002", "CVE-2021-4155", "CVE-2021-4204", "CVE-2022-23222"], "modified": "2022-01-10T00:00:00", "id": "PHSA-2022-0429", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-429", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-12T18:53:26", "description": "Updates of ['systemd', 'linux-aws', 'linux-secure', 'aide', 'ImageMagick', 'linux-rt', 'linux', 'expat', 'linux-esx', 'cryptsetup', 'wireshark'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-22T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2022-0145", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39212", "CVE-2021-3997", "CVE-2021-4122", "CVE-2021-4155", "CVE-2021-4181", "CVE-2021-4182", "CVE-2021-4183", "CVE-2021-4184", "CVE-2021-4185", "CVE-2021-4190", "CVE-2021-4204", "CVE-2021-45417", "CVE-2021-45960", "CVE-2021-46143", "CVE-2022-22822", "CVE-2022-22823", "CVE-2022-22824", "CVE-2022-22825", "CVE-2022-22826", "CVE-2022-22827", "CVE-2022-23222"], "modified": "2022-01-22T00:00:00", "id": "PHSA-2022-0145", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-145", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "mageia": [{"lastseen": "2022-04-18T11:19:35", "description": "This kernel update is based on upstream 5.15.15 and fixes at least the following security issues: A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them (CVE-2021-4155). An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system (CVE-2021-4197). Lack of proper validation of user-supplied eBPF programs prior to executing them. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel (CVE-2021-4204). A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object (CVE-2021-44733). pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak (CVE-2021-45095). The ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8, sometimes communicates in cleartext even though encryption has been enabled. This occurs because it sets the SMB2_GLOBAL_CAP_ENCRYPTION flag when using the SMB 3.1.1 protocol, which is a violation of the SMB protocol specification. When Windows 10 detects this protocol violation, it disables encryption (CVE-2021-45100). kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types (CVE-2022-23222). In addition to the upstream changes, we also have changed the following: \\- iwlwifi: mvm: check if SAR GEO is supported before sending command \\- select: Fix indefinitely sleeping task in poll_schedule_timeout() \\- ALSA: hda: Add AlderLake-N/P PCI ID \\- enable NF_TABLES_INET, NFT_REJECT_INET and NFT_FIB_INET (mga#29852) \\- disable CIFS_SMB_DIRECT on desktop kernels as it makes loading cifs deps fail on some setups (mga#29784) \\- disable unprivileged bpf by default to mitigate other potential security issues with bpf For other upstream fixes, see the referenced changelogs. \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-18T15:43:35", "type": "mageia", "title": "Updated kernel packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4155", "CVE-2021-4197", "CVE-2021-4204", "CVE-2021-44733", "CVE-2021-45095", "CVE-2021-45100", "CVE-2022-23222"], "modified": "2022-01-18T15:43:35", "id": "MGASA-2022-0021", "href": "https://advisories.mageia.org/MGASA-2022-0021.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2022-06-15T16:51:03", "description": "The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5218-1 advisory.\n\n - An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter- Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type. (CVE-2021-43267)\n\n - A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability. (CVE-2021-3760)\n\n - A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system.\n (CVE-2021-20321)\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. (CVE-2021-41864)\n\n - An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values. (CVE-2021-43056)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-01-11T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-5218-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-20321", "CVE-2021-3760", "CVE-2021-4002", "CVE-2021-41864", "CVE-2021-4204", "CVE-2021-43056", "CVE-2021-43267", "CVE-2021-43389"], "modified": "2022-02-22T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-1026-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.13.0-1026-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-oem-20.04c", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-1026-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-20.04c", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.13.0-1026-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.13.0-1026-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-oem-20.04c", "p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.13-headers-5.13.0-1026", "p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.13-tools-5.13.0-1026", "p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.13-tools-host", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.13.0-1026-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-oem-20.04c"], "id": "UBUNTU_USN-5218-1.NASL", "href": "https://www.tenable.com/plugins/nessus/156613", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5218-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156613);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/22\");\n\n script_cve_id(\n \"CVE-2021-3760\",\n \"CVE-2021-4002\",\n \"CVE-2021-4204\",\n \"CVE-2021-20321\",\n \"CVE-2021-41864\",\n \"CVE-2021-43056\",\n \"CVE-2021-43267\",\n \"CVE-2021-43389\"\n );\n script_xref(name:\"USN\", value:\"5218-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-5218-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe USN-5218-1 advisory.\n\n - An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-\n Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of\n user-supplied sizes for the MSG_CRYPTO message type. (CVE-2021-43267)\n\n - A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat\n to confidentiality, integrity, and system availability. (CVE-2021-3760)\n\n - A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users\n do rename in specific way with OverlayFS. A local user could use this flaw to crash the system.\n (CVE-2021-20321)\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows\n unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds\n write. (CVE-2021-41864)\n\n - An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to\n crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S\n implementation bug in the handling of the SRR1 register values. (CVE-2021-43056)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5218-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-43267\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-1026-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.13.0-1026-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-oem-20.04c\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-1026-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-20.04c\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.13.0-1026-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.13.0-1026-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oem-20.04c\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.13-headers-5.13.0-1026\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.13-tools-5.13.0-1026\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.13-tools-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.13.0-1026-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-oem-20.04c\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022 Canonical, Inc. / NASL script (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(20\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2021-3760', 'CVE-2021-4002', 'CVE-2021-20321', 'CVE-2021-41864', 'CVE-2021-43056', 'CVE-2021-43267', 'CVE-2021-43389');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5218-1');\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar pkgs = [\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.13.0-1026-oem', 'pkgver': '5.13.0-1026.32'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.13.0-1026-oem', 'pkgver': '5.13.0-1026.32'},\n {'osver': '20.04', 'pkgname': 'linux-headers-oem-20.04c', 'pkgver': '5.13.0.1026.29'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.13.0-1026-oem', 'pkgver': '5.13.0-1026.32'},\n {'osver': '20.04', 'pkgname': 'linux-image-oem-20.04c', 'pkgver': '5.13.0.1026.29'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.13.0-1026-oem', 'pkgver': '5.13.0-1026.32'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.13.0-1026-oem', 'pkgver': '5.13.0-1026.32'},\n {'osver': '20.04', 'pkgname': 'linux-oem-20.04c', 'pkgver': '5.13.0.1026.29'},\n {'osver': '20.04', 'pkgname': 'linux-oem-5.13-headers-5.13.0-1026', 'pkgver': '5.13.0-1026.32'},\n {'osver': '20.04', 'pkgname': 'linux-oem-5.13-tools-5.13.0-1026', 'pkgver': '5.13.0-1026.32'},\n {'osver': '20.04', 'pkgname': 'linux-oem-5.13-tools-host', 'pkgver': '5.13.0-1026.32'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.13.0-1026-oem', 'pkgver': '5.13.0-1026.32'},\n {'osver': '20.04', 'pkgname': 'linux-tools-oem-20.04c', 'pkgver': '5.13.0.1026.29'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux-buildinfo-5.13.0-1026-oem / linux-headers-5.13.0-1026-oem / etc');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}

CVE-2021-4204

Description

Related