CVSS3: 4.4 Medium
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CVSS2: 3.6 Low
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N

EPSS: 0.0004 Low
Percentile: 8.9%

A memory leak flaw was found in the Linux kernel's hugetlbfs memory usage.
It occurs when a user maps some regions of memory twice using shmget(), with
the regions aligned to PUD alignment, and faults some of the memory pages. A
local user could use this flaw to get unauthorized access to some data.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < 4.15.0-166.174 | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < 5.4.0-92.103 | UNKNOWN |
ubuntu | 21.04 | noarch | linux | < 5.11.0-44.48 | UNKNOWN |
ubuntu | 21.10 | noarch | linux | < 5.13.0-23.23 | UNKNOWN |
ubuntu | 14.04 | noarch | linux | < 3.13.0-189.240 (Available with Ubuntu Pro or Ubuntu Pro (Infra-only)) | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < 4.4.0-218.251 (Available with Ubuntu Pro or Ubuntu Pro (Infra-only)) | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < 4.15.0-1118.125 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < 5.4.0-1061.64 | UNKNOWN |
ubuntu | 21.04 | noarch | linux-aws | < 5.11.0-1023.24 | UNKNOWN |
ubuntu | 21.10 | noarch | linux-aws | < 5.13.0-1008.9 | UNKNOWN |
git.kernel.org/linus/a4a118f2eead1d6c49e00765de89878288d4b890
launchpad.net/bugs/cve/CVE-2021-4002
nvd.nist.gov/vuln/detail/CVE-2021-4002
security-tracker.debian.org/tracker/CVE-2021-4002
ubuntu.com/security/notices/USN-5206-1
ubuntu.com/security/notices/USN-5207-1
ubuntu.com/security/notices/USN-5208-1
ubuntu.com/security/notices/USN-5209-1
ubuntu.com/security/notices/USN-5210-1
ubuntu.com/security/notices/USN-5211-1
ubuntu.com/security/notices/USN-5218-1
www.cve.org/CVERecord?id=CVE-2021-4002
www.openwall.com/lists/oss-security/2021/11/25/1