CVE-2021-4159
Summary
| CVE | CVE-2021-4159 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-08-24 16:15:00 UTC |
| Updated | 2022-10-06 15:30:00 UTC |
| Description | A vulnerability was found in the Linux kernel's eBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details, defeating some of the exploit mitigations in place for the kernel. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Debian | Debian Linux | 10.0 | All | All | All |
| Operating System | Linux | Linux Kernel | All | All | All | All |
| Operating System | Redhat | Enterprise Linux | 8.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| kernel/git/torvalds/linux.git - Linux kernel source tree | MISC | git.kernel.org | |
| Red Hat Customer Portal - Access to 24x7 support and knowledge | MISC | access.redhat.com | |
| [SECURITY] [DLA 3131-1] linux security update | MLIST | lists.debian.org | |
| 2036024 – (CVE-2021-4159) CVE-2021-4159 kernel: another kernel ptr leak vulnerability via BPF in coerce_reg_to_size | MISC | bugzilla.redhat.com | |
| CVE-2021-4159 | MISC | security-tracker.debian.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 180147 Debian Security Update for linux (CVE-2021-4159)
- 181091 Debian Security Update for linux (DLA 3131-1)
- 198980 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5668-1)
- 198987 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5677-1)
- 198990 Ubuntu Security Notification for Linux kernel (AWS) Vulnerabilities (USN-5682-1)
- 199011 Ubuntu Security Notification for Linux kernel (Azure CVM) Vulnerabilities (USN-5706-1)
- 199090 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5790-1)
- 354071 Amazon Linux Security Advisory for kernel : ALAS-2022-1636
- 354075 Amazon Linux Security Advisory for kernel : ALAS2-2022-1852
- 354081 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.4-2022-036
- 377766 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX2-SA-2022:0049)
- 377871 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX2-SA-2023:0001)
- 671441 EulerOS Security Update for kernel (EulerOS-SA-2022-1366)
- 671448 EulerOS Security Update for kernel (EulerOS-SA-2022-1450)
- 671474 EulerOS Security Update for kernel (EulerOS-SA-2022-1429)
- 671630 EulerOS Security Update for kernel (EulerOS-SA-2022-1647)
- 671631 EulerOS Security Update for kernel (EulerOS-SA-2022-1661)
- 751695 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0367-1)
- 751697 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0366-1)
- 751700 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2022:0363-1)
- 751701 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2022:0366-1)
- 751702 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0371-1)
- 751703 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0372-1)
- 753212 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0363-1)