CVE-2021-4002

Name
CVE-2021-4002
Description
A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=13e4ad2ce8df6e058ef482a31fdd81c725b0f7ea
Patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a4a118f2eead1d6c49e00765de89878288d4b890
Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=2025726
Exploit https://www.openwall.com/lists/oss-security/2021/11/25/1
Mailing List https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
Mailing List https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html
Third Party Advisory https://www.debian.org/security/2022/dsa-5096

Match rules

CPE URI Source package Min version Max version
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* linux_kernel >= None < 5.16

Vulnerable and fixed packages

Source package Branch Version Maintainer Status