NVD:CVE-2021-4197
History: Mar 23, 2022 - 8:15 p.m.

CVE-2021-4197

2022-03-23 20:15:10
CWE-287
web.nvd.nist.gov
Tags: linux, kernel, control groups, namespaces, subsystem, privileges, flaw, escalation, cve-2021-4197

CVSS2: 7.2
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3: 7.8
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0
Percentile: 9.8%

An unprivileged write to the file handler flaw was found in the Linux kernel's control groups and namespaces subsystem, in the way users have access to some less privileged processes that are controlled by cgroups and have a higher privileged parent process. It affects both the cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system.

Affected configurations

Nvd

Node
linux | linux_kernel | Range | 4.2 - 4.14.276
OR
linux | linux_kernel | Range | 4.15 - 4.19.238
OR
linux | linux_kernel | Range | 4.20 - 5.4.189
OR
linux | linux_kernel | Range | 5.5 - 5.10.111
OR
linux | linux_kernel | Range | 5.11 - 5.15.14

Node
oracle | communications_cloud_native_core_binding_support_function | Match | 22.1.1
OR
oracle | communications_cloud_native_core_binding_support_function | Match | 22.1.3
OR
oracle | communications_cloud_native_core_binding_support_function | Match | 22.2.0
OR
debian | debian_linux | Match | 10.0

Node
broadcom | brocade_fabric_operating_system_firmware | Match | -

Node
netapp | h300s_firmware | Match | -
AND
netapp | h300s | Match | -

Node
netapp | h500s_firmware | Match | -
AND
netapp | h500s | Match | -

Node
netapp | h700s_firmware | Match | -
AND
netapp | h700s | Match | -

Node
netapp | h410s_firmware | Match | -
AND
netapp | h410s | Match | -

Node
netapp | h410c_firmware | Match | -
AND
netapp | h410c | Match | -

Vendor | Product | Version | CPE
linux | linux_kernel | * | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
oracle | communications_cloud_native_core_binding_support_function | 22.1.1 | cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.1:*:*:*:*:*:*:*
oracle | communications_cloud_native_core_binding_support_function | 22.1.3 | cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*
oracle | communications_cloud_native_core_binding_support_function | 22.2.0 | cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.0:*:*:*:*:*:*:*
debian | debian_linux | 10.0 | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
broadcom | brocade_fabric_operating_system_firmware | - | cpe:2.3:o:broadcom:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*
netapp | h300s_firmware | - | cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
netapp | h300s | - | cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
netapp | h500s_firmware | - | cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
netapp | h500s | - | cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*
