CVE-2021-4135

Published on: Not Yet Published

Last Modified on: 07/20/2022 02:05:00 PM UTC

CVE-2021-4135

Source: Mitre Source: NIST CVE.ORG Print: PDF PDF
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Certain versions of Linux Kernel from Linux contain the following vulnerability:

A memory leak vulnerability was found in the Linux kernel's eBPF for the Simulated networking device driver in the way user uses BPF for the device such that function nsim_map_alloc_elem being called. A local user could use this flaw to get unauthorized access to some data.

  • CVE-2021-4135 has been assigned by URL Logo [email protected] to track the vulnerability - currently rated as MEDIUM severity.

CVSS3 Score: 5.5 - MEDIUM

Attack
Vector 		Attack
Complexity		 Privileges
Required		 User
Interaction
LOCAL LOW LOW NONE
Scope Confidentiality
Impact		 Integrity
Impact		 Availability
Impact
UNCHANGED HIGH NONE NONE

CVE References

Description Tags Link
kernel/git/netdev/net.git - Netdev Group's networking tree git.kernel.org
text/html
 URL Logo MISC git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=481221775d53
By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].

Related QID Numbers

  • 179117 Debian Security Update for linux (DSA 5096-1)
  • 179119 Debian Security Update for linux-4.19 (DLA 2941-1)
  • 179900 Debian Security Update for linux (CVE-2021-4135)
  • 198659 Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-5278-1)
  • 198708 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5337-1)
  • 198709 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5338-1)
  • 198731 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5368-1)
  • 198740 Ubuntu Security Notification for Linux kernel (BlueField) Vulnerabilities (USN-5377-1)
  • 353130 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.4-2022-021
  • 353151 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.10-2022-009
  • 376925 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2022:0125)
  • 377124 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2022:0029)
  • 377181 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX2-SA-2022:0022)
  • 671367 EulerOS Security Update for kernel (EulerOS-SA-2022-1308)
  • 671380 EulerOS Security Update for kernel (EulerOS-SA-2022-1292)
  • 671436 EulerOS Security Update for kernel (EulerOS-SA-2022-1352)
  • 671498 EulerOS Security Update for kernel (EulerOS-SA-2022-1466)
  • 671543 EulerOS Security Update for kernel (EulerOS-SA-2022-1475)
  • 751654 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0197-1)
  • 751657 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2022:0198-1)
  • 751666 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2022:0169-1)
  • 751696 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0364-1)
  • 751697 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0366-1)
  • 751701 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2022:0366-1)
  • 751703 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0372-1)
  • 751993 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0198-1)
  • 753194 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0288-1)
  • 753267 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0169-1)
  • 753462 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0289-1)
  • 902526 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10137)
  • 903997 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10134-1)
  • 904149 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10137-1)
  • 906021 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10134-2)
  • 906429 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (10137-2)

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
Operating
System		LinuxLinux KernelAllAllAllAll
Operating
System		LinuxLinux Kernel5.16-AllAll
Operating
System		LinuxLinux Kernel5.16rc1AllAll
Operating
System		LinuxLinux Kernel5.16rc2AllAll
Operating
System		LinuxLinux Kernel5.16rc3AllAll
Operating
System		LinuxLinux Kernel5.16rc4AllAll
Operating
System		LinuxLinux Kernel5.16rc5AllAll
  • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*:
  • cpe:2.3:o:linux:linux_kernel:5.16:-:*:*:*:*:*:*:
  • cpe:2.3:o:linux:linux_kernel:5.16:rc1:*:*:*:*:*:*:
  • cpe:2.3:o:linux:linux_kernel:5.16:rc2:*:*:*:*:*:*:
  • cpe:2.3:o:linux:linux_kernel:5.16:rc3:*:*:*:*:*:*:
  • cpe:2.3:o:linux:linux_kernel:5.16:rc4:*:*:*:*:*:*:
  • cpe:2.3:o:linux:linux_kernel:5.16:rc5:*:*:*:*:*:*:

Social Mentions

Source Title Posted (UTC)
Twitter Icon @threatmeter CVE-2021-40450 Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-40449, CVE-2021-4135… twitter.com/i/web/status/1… 2021-10-14 07:09:39
Twitter Icon @threatmeter CVE-2021-40449 Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-40450, CVE-2021-4135… twitter.com/i/web/status/1… 2021-10-14 07:09:40
Twitter Icon @management_sun IT Risk: SUSE.Multiple vulnerabilities in the Linux Kernel -3/3 CVE-2021-4135 CVE-2021-4083 CVE-2021-4002 CVE-2021-4001 2022-01-27 07:36:09
Twitter Icon @management_sun IT Risk: Ubuntu.Linux kernel (OEM)に複数の脆弱性 -2/2 CVE-2021-39685 CVE-2021-4001 CVE-2021-4083 CVE-2021-4135 CVE-2021-41… twitter.com/i/web/status/1… 2022-02-09 11:40:41
Twitter Icon @management_sun IT Risk: Tenable.Nessusに複数の脆弱性 CVSS v3:9.8(MAX) -2/2 CVE-2021-4001 CVE-2021-4083 CVE-2021-4135 CVE-2021-4155 CVE-20… twitter.com/i/web/status/1… 2022-02-09 11:51:33
Twitter Icon @softek_jp Linux Kernel の netdevsim ドライバの処理に情報漏洩の問題 (CVE-2021-4135) [41283] sid.softek.jp/content/show/4… #SIDfm #脆弱性情報 2022-02-10 05:35:09
Twitter Icon @management_sun IT Risk: SUSE.Linux Kernelに複数の脆弱性 -2/3 CVE-2021-4159 CVE-2021-4149 CVE-2021-4135 CVE-2021-4083 CVE-2021-4002 CVE-20… twitter.com/i/web/status/1… 2022-02-11 08:14:00
Twitter Icon @CVEreport CVE-2021-4135 : A memory leak vulnerability was found in the #Linux #kernel's eBPF for the Simulated networking dev… twitter.com/i/web/status/1… 2022-07-14 20:06:49
Reddit Logo Icon /r/netcve CVE-2021-4135 2022-07-14 20:38:23
© CVE.report 2023 Twitter Nitter Twitter Viewer |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report