CVE-2021-3492 Ubuntu linux kernel shiftfs file system double free vulnerability

2021-04-1704:20:16

CWE-415

CWE-401

canonical

www.cve.org

cve-2021-3492

ubuntu

linux kernel

shiftfs

file system

double free

vulnerability

denial of service

memory exhaustion

privilege escalation

CVSS3

8.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

0.001

Percentile

17.9%

JSON

Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (kernel memory exhaustion) or gain privileges via executing arbitrary code. AKA ZDI-CAN-13562.

CNA Affected

[
  {
    "product": "Linux kernel",
    "vendor": "Ubuntu",
    "versions": [
      {
        "lessThan": "5.8.0-50.56",
        "status": "affected",
        "version": "5.8 kernel",
        "versionType": "custom"
      },
      {
        "lessThan": "5.4.0-72.80",
        "status": "affected",
        "version": "5.4 kernel",
        "versionType": "custom"
      }
    ]
  }
]