Lucene search

K
ubuntucveUbuntu.comUB:CVE-2021-21703
HistoryOct 21, 2021 - 12:00 a.m.

CVE-2021-21703

2021-10-2100:00:00
ubuntu.com
ubuntu.com
85

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS

0.001

Percentile

51.0%

In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and
8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process
running as root and child worker processes running as lower-privileged
users, it is possible for the child processes to access memory shared with
the main process and write to it, modifying it in a way that would cause
the root process to conduct invalid memory reads and writes, which can be
used to escalate privileges from local unprivileged user to the root user.

Bugs

Notes

Author Note
sbeattie PEAR issues should go against php-pear as of xenial
OSVersionArchitecturePackageVersionFilename
ubuntu14.04noarchphp5< 5.5.9+dfsg-1ubuntu4.29+esm15UNKNOWN
ubuntu16.04noarchphp7.0< 7.0.33-0ubuntu0.16.04.16+esm2UNKNOWN
ubuntu18.04noarchphp7.2< 7.2.24-0ubuntu0.18.04.10UNKNOWN
ubuntu20.04noarchphp7.4< 7.4.3-4ubuntu2.7UNKNOWN
ubuntu21.04noarchphp7.4< 7.4.16-1ubuntu2.2UNKNOWN
ubuntu21.10noarchphp8.0< 8.0.8-1ubuntu0.1UNKNOWN

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS

0.001

Percentile

51.0%