4.4 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1.4 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
MULTIPLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:M/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
5.3%
A vulnerability was found in the Linux kernel’s EBPF verifier when handling
internal data structures. Internal memory locations could be returned to
userspace. A local attacker with the permissions to insert eBPF code to the
kernel can use this to leak internal kernel memory details defeating some
of the exploit mitigations in place for the kernel.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < 4.15.0-201.212 | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < 5.4.0-128.144 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < 4.15.0-1147.159 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < 5.4.0-1086.93 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws-5.4 | < 5.4.0-1086.93~18.04.1 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-aws-hwe | < 4.15.0-1147.159~16.04.1) Available with Ubuntu Pro or Ubuntu Pro (Infra-only | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure | < 5.4.0-1094.100 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-azure | < 4.15.0-1158.173~14.04.1) Available with Ubuntu Pro or Ubuntu Pro (Infra-only | UNKNOWN |
ubuntu | 16.04 | noarch | linux-azure | < 4.15.0-1159.174~16.04.1) Available with Ubuntu Pro or Ubuntu Pro (Infra-only | UNKNOWN |
ubuntu | 18.04 | noarch | linux-azure-4.15 | < 4.15.0-1158.173 | UNKNOWN |
launchpad.net/bugs/cve/CVE-2021-4159
nvd.nist.gov/vuln/detail/CVE-2021-4159
security-tracker.debian.org/tracker/CVE-2021-4159
ubuntu.com/security/notices/USN-5668-1
ubuntu.com/security/notices/USN-5677-1
ubuntu.com/security/notices/USN-5682-1
ubuntu.com/security/notices/USN-5706-1
ubuntu.com/security/notices/USN-5790-1
www.cve.org/CVERecord?id=CVE-2021-4159
4.4 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1.4 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
MULTIPLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:M/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
5.3%