CVE-2021-4135

Published: Jul 14, 2022Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

A memory leak vulnerability was found in the Linux kernel's eBPF for the Simulated networking device driver in the way user uses BPF for the device such that function nsim_map_alloc_elem being called. A local user could use this flaw to get unauthorized access to some data.

Affected (7)

Products: Linux: Linux Kernel

Linux

1 product

Linux Kernel

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Before 5.16
Linux Linux Kernel	Version 5.16
Linux Linux Kernel	Version 5.16 rc1
Linux Linux Kernel	Version 5.16 rc2
Linux Linux Kernel	Version 5.16 rc3
Linux Linux Kernel	Version 5.16 rc4
Linux Linux Kernel	Version 5.16 rc5

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-401

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (2)

https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=481221775d53

Source: secalert@redhat.com

Mailing ListPatchVendor Advisory

https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=481221775d53

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchVendor Advisory

Timeline

No history available yet.