Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2021-4159

Опубликовано: 28 янв. 2022
Источник: redhat
CVSS3: 4.4

Описание

A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel.

A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options does not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelOut of support scope
Red Hat Enterprise Linux 6kernelOut of support scope
Red Hat Enterprise Linux 7kernelWill not fix
Red Hat Enterprise Linux 7kernel-rtWill not fix
Red Hat Enterprise Linux 8kernelAffected
Red Hat Enterprise Linux 8kernel-rtAffected
Red Hat Enterprise Linux 9kernelNot affected
Red Hat Enterprise Linux 9kernel-rtNot affected
Red Hat Enterprise MRG 2kernelUnder investigation

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-202->CWE-1230
https://bugzilla.redhat.com/show_bug.cgi?id=2036024kernel: another kernel ptr leak vulnerability via BPF in coerce_reg_to_size

4.4 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2021-4159

CVSS3: 4.4
ubuntu
больше 3 лет назад

A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel.

nvd логотип

CVE-2021-4159

CVSS3: 4.4
nvd
больше 3 лет назад

A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel.

debian логотип

CVE-2021-4159

CVSS3: 4.4
debian
больше 3 лет назад

A vulnerability was found in the Linux kernel's EBPF verifier when han ...

github логотип

GHSA-4f4x-m5ww-4mcw

CVSS3: 4.4
github
больше 3 лет назад

A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel.

fstec логотип

BDU:2022-05426

CVSS3: 4.4
fstec
почти 6 лет назад

Уязвимость подсистемы eBPF ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию

4.4 Medium

CVSS3