CVE-2021-4159

Sažetak

A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel.

Reference

https://access.redhat.com/security/cve/CVE-2021-4159
https://bugzilla.redhat.com/show_bug.cgi?id=2036024
https://security-tracker.debian.org/tracker/CVE-2021-4159
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=294f2fc6da27620a506e6c050241655459ccd6bd
https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html

CVSS

Base:	4.4
Impact:	3.6
Exploitability:	0.8

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	-

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	NONE	NONE

CVSS vektor

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Zadnje važnije ažuriranje

06-10-2022 - 15:30

Objavljeno

24-08-2022 - 16:15