CVE-2021-4203

Published on: Not Yet Published

Last Modified on: 12/08/2022 10:19:00 PM UTC

CVE-2021-4203

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H

Certain versions of Linux Kernel from Linux contain the following vulnerability:

A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information.

CVE-2021-4203 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.

CVSS3 Score: 6.8 - MEDIUM

Attack Vector ^ⓘ	Attack Complexity	Privileges Required	User Interaction
NETWORK	HIGH	LOW	NONE
Scope	Confidentiality Impact	Integrity Impact	Availability Impact
UNCHANGED	HIGH	NONE	HIGH

CVSS2 Score: 4.9 - MEDIUM

Access Vector^ⓘ	Access Complexity	Authentication
NETWORK	MEDIUM	SINGLE
Confidentiality Impact	Integrity Impact	Availability Impact
PARTIAL	NONE	PARTIAL

CVE References

Description	Tags ^ⓘ	Link
kernel/git/netdev/net.git - Netdev Group's networking tree	git.kernel.org text/html	MISC git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=35306eb23814
[PATCH net] af_unix: fix races in sk_peer_pid and sk_peer_cred accesses	lore.kernel.org text/html	MISC lore.kernel.org/netdev/[email protected]/T/
CVE-2021-4203 Linux Kernel Vulnerability in NetApp Products \| NetApp Product Security	security.netapp.com text/html	CONFIRM security.netapp.com/advisory/ntap-20221111-0003/
2230 - project-zero - Project Zero - Monorail	bugs.chromium.org text/html	MISC bugs.chromium.org/p/project-zero/issues/detail?id=2230&can=7&q=modified-after%3Atoday-30&sort=-modified&colspec=ID%20Type%20Status%20Priority%20Milestone%20Owner%20Summary%20Modified%20Cve&cells=tiles&redir=1
2036934 – (CVE-2021-4203) CVE-2021-4203 kernel: Race condition in races in sk_peer_pid and sk_peer_cred accesses	bugzilla.redhat.com text/html	MISC bugzilla.redhat.com/show_bug.cgi?id=2036934
Oracle Critical Patch Update Advisory - July 2022	www.oracle.com text/html	MISC www.oracle.com/security-alerts/cpujul2022.html

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].

Related QID Numbers

159777 Oracle Enterprise Linux Security Update for unbreakable enterprise kernel (ELSA-2022-9348)
159825 Oracle Enterprise Linux Security Update for kernel (ELSA-2022-1988)
179117 Debian Security Update for linux (DSA 5096-1)
179119 Debian Security Update for linux-4.19 (DLA 2941-1)
179819 Debian Security Update for linux (CVE-2021-4203)
240275 Red Hat Update for kernel-rt (RHSA-2022:1975)
240298 Red Hat Update for kernel security (RHSA-2022:1988)
240544 Red Hat Update for kernel-rt (RHSA-2022:5633)
240545 Red Hat Update for kernel (RHSA-2022:5626)
353242 Amazon Linux Security Advisory for kernel : ALAC2012-2022-036
353243 Amazon Linux Security Advisory for kmod-mlx5 : ALAC2012-2022-037
353244 Amazon Linux Security Advisory for kmod-sfc : ALAC2012-2022-038
377053 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX2-SA-2022:0028)
390261 Oracle Managed Virtualization (VM) Server for x86 Security Update for kernel (OVMSA-2022-0014)
671448 EulerOS Security Update for kernel (EulerOS-SA-2022-1450)
671474 EulerOS Security Update for kernel (EulerOS-SA-2022-1429)
671505 EulerOS Security Update for kernel (EulerOS-SA-2022-1489)
671535 EulerOS Security Update for kernel (EulerOS-SA-2022-1508)
671862 EulerOS Security Update for kernel (EulerOS-SA-2022-1896)
752584 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3265-1)
752589 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3264-1)
752591 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3274-1)
752592 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3282-1)
752596 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3291-1)
752615 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3408-1)
752632 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3450-1)
753370 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3609-1)
753374 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:3809-1)
753745 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:0634-1)
753807 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:0768-1)
753832 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:0852-1)
753914 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:1848-1)
754023 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2023:2232-1)
900806 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (9266)
901305 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (9266-1)
906130 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (9266-2)
940517 AlmaLinux Security Update for kernel (ALSA-2022:1988)

Exploit/POC from Github

This repository contains a collection of data files on known Common Vulnerabilities and Exposures (CVEs). Each file i…

Known Affected Configurations (CPE V2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Linux	Linux Kernel	All	All	All	All
Application	Linux	Linux Kernel	5.15	-	All	All
Application	Linux	Linux Kernel	5.15	rc1	All	All
Application	Linux	Linux Kernel	5.15	rc2	All	All
Application	Linux	Linux Kernel	5.15	rc3	All	All
Operating System	Linux	Linux Kernel	All	All	All	All
Operating System	Linux	Linux Kernel	5.15	-	All	All
Operating System	Linux	Linux Kernel	5.15	rc1	All	All
Operating System	Linux	Linux Kernel	5.15	rc2	All	All
Operating System	Linux	Linux Kernel	5.15	rc3	All	All
Hardware	Netapp	A700s	-	All	All	All
Operating System	Netapp	A700s Firmware	-	All	All	All
Application	Netapp	Active Iq Unified Manager	-	All	All	All
Operating System	Netapp	Bootstrap Os	-	All	All	All
Application	Netapp	E-series Santricity Os Controller	All	All	All	All
Application	Netapp	Element Software	-	All	All	All
Hardware	Netapp	H300s	-	All	All	All
Operating System	Netapp	H300s Firmware	-	All	All	All
Hardware	Netapp	H410c	-	All	All	All
Operating System	Netapp	H410c Firmware	-	All	All	All
Hardware	Netapp	H410s	-	All	All	All
Operating System	Netapp	H410s Firmware	-	All	All	All
Hardware	Netapp	H500s	-	All	All	All
Operating System	Netapp	H500s Firmware	-	All	All	All
Hardware	Netapp	H700s	-	All	All	All
Operating System	Netapp	H700s Firmware	-	All	All	All
Hardware	Netapp	Hci Compute Node	-	All	All	All
Application	Netapp	Hci Management Node	-	All	All	All
Application	Netapp	Solidfire	-	All	All	All
Application	Oracle	Communications Cloud Native Core Binding Support Function	22.1.3	All	All	All
Application	Oracle	Communications Cloud Native Core Network Exposure Function	22.1.1	All	All	All
Application	Oracle	Communications Cloud Native Core Policy	22.2.0	All	All	All

cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*:*:
cpe:2.3:a:linux:linux_kernel:5.15:-:*:*:*:*:*:*:
cpe:2.3:a:linux:linux_kernel:5.15:rc1:*:*:*:*:*:*:
cpe:2.3:a:linux:linux_kernel:5.15:rc2:*:*:*:*:*:*:
cpe:2.3:a:linux:linux_kernel:5.15:rc3:*:*:*:*:*:*:
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*:
cpe:2.3:o:linux:linux_kernel:5.15:-:*:*:*:*:*:*:
cpe:2.3:o:linux:linux_kernel:5.15:rc1:*:*:*:*:*:*:
cpe:2.3:o:linux:linux_kernel:5.15:rc2:*:*:*:*:*:*:
cpe:2.3:o:linux:linux_kernel:5.15:rc3:*:*:*:*:*:*:
cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*:
cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*:
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*:
cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*:
cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*:
cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*:
cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*:
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*:
cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*:
cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*:
cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*:
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*:
cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*:
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*:
cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*:
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*:
cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*:
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*:
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*:
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*:
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:*:*:*:*:*:*:*:
cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:*:*:*:*:*:*:*:

No vendor comments have been submitted for this CVE

Social Mentions

Source	Title	Posted (UTC)
@softek_jp	Linux Kernel の UNIX ドメインソケットの処理に特権を奪われる問題 (CVE-2021-4203) [41563] sid.softek.jp/content/show/4… #SIDfm #脆弱性情報	2022-03-11 06:00:05
@CVEreport	CVE-2021-4203 : A use-after-free read flaw was found in sock_getsockopt in net/core/sock.c due to SO_PEERCRED and… twitter.com/i/web/status/1…	2022-03-25 19:13:37
/r/netcve	CVE-2021-4203	2022-03-25 20:38:40
/r/synology	DSM Version: 7.1.1-42951 (Release Candidate)	2022-08-10 06:07:14
/r/synology	Has anyone seen the release notes for the latest DSM 7.1.1 Release Candidate. Fixes a scary amount of CVEs.	2022-08-16 14:26:29
/r/synology	DSM 7.1.1-42962 released!	2022-09-05 11:39:36
/r/asustor	ADM 4.1.0.RLQ1 update available (2022-09-28)	2022-10-08 04:00:04