Lucene search

RedhatCVE-2021-4083

HistoryJan 18, 2022 - 5:15 p.m.

CVE-2021-4083

2022-01-1817:15:09

CWE-362

CWE-416

redhat

web.nvd.nist.gov

348

cve-2021-4083

linux kernel

unix domain socket

memory flaw

privilege escalation

nvd

security vulnerability

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

High

EPSS

Percentile

9.8%

JSON

A read-after-free memory flaw was found in the Linux kernel’s garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system. This flaw affects Linux kernel versions prior to 5.16-rc4.

Affected configurations

Nvd

Vulners

Node

linuxlinux_kernelRange<4.4.294

linuxlinux_kernelRange4.5–4.9.292

linuxlinux_kernelRange4.10–4.14.257

linuxlinux_kernelRange4.15–4.19.220

linuxlinux_kernelRange4.20–5.4.164

linuxlinux_kernelRange5.5.0–5.10.84

linuxlinux_kernelRange5.11–5.15.7

linuxlinux_kernelMatch5.16rc1

linuxlinux_kernelMatch5.16rc2

linuxlinux_kernelMatch5.16rc3

Node

netapph410cMatch-

AND

netapph410c_firmwareMatch-

Node

netapph300sMatch-

AND

netapph300s_firmwareMatch-

Node

netapph500sMatch-

AND

netapph500s_firmwareMatch-

Node

netapph700sMatch-

AND

netapph700s_firmwareMatch-

Node

netapph300eMatch-

AND

netapph300e_firmwareMatch-

Node

netapph500eMatch-

AND

netapph500e_firmwareMatch-

Node

netapph700eMatch-

AND

netapph700e_firmwareMatch-

Node

netapph410s_firmwareMatch-

AND

netapph410sMatch-

Node

debiandebian_linuxMatch9.0

debiandebian_linuxMatch10.0

Node

netapphci_management_nodeMatch-

netappsolidfireMatch-

Node

oraclecommunications_cloud_native_core_binding_support_functionMatch22.1.3

oraclecommunications_cloud_native_core_network_exposure_functionMatch22.1.1

oraclecommunications_cloud_native_core_policyMatch22.2.0

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel5.16cpe:2.3:o:linux:linux_kernel:5.16:rc1:*:*:*:*:*:*
linuxlinux_kernel5.16cpe:2.3:o:linux:linux_kernel:5.16:rc2:*:*:*:*:*:*
linuxlinux_kernel5.16cpe:2.3:o:linux:linux_kernel:5.16:rc3:*:*:*:*:*:*
netapph410c-cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*
netapph410c_firmware-cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
netapph300s-cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
netapph300s_firmware-cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
netapph500s-cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*
netapph500s_firmware-cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	5.16	cpe:2.3:o:linux:linux_kernel:5.16:rc1::::::
linux	linux_kernel	5.16	cpe:2.3:o:linux:linux_kernel:5.16:rc2::::::
linux	linux_kernel	5.16	cpe:2.3:o:linux:linux_kernel:5.16:rc3::::::
netapp	h410c	-	cpe:2.3:h:netapp:h410c:-:::::::*
netapp	h410c_firmware	-	cpe:2.3:o:netapp:h410c_firmware:-:::::::*
netapp	h300s	-	cpe:2.3:h:netapp:h300s:-:::::::*
netapp	h300s_firmware	-	cpe:2.3:o:netapp:h300s_firmware:-:::::::*
netapp	h500s	-	cpe:2.3:h:netapp:h500s:-:::::::*
netapp	h500s_firmware	-	cpe:2.3:o:netapp:h500s_firmware:-:::::::*

Rows per page:

1-10 of 271

CNA Affected

[
  {
    "product": "kernel",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "kernel 5.16-rc4"
      }
    ]
  }
]