QwikSec

Security Database

CVE

CWE

Training

CVE-2021-3492

Published: Apr 17, 2021

Modified: Sep 17, 2024

PUBLISHED

CVSS v3.1

8.8

HIGH

Description

Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (kernel memory exhaustion) or gain privileges via executing arbitrary code. AKA ZDI-CAN-13562.

Vendor	Product	Versions
Ubuntu	Linux kernel	affected `5.8 kernel - < 5.8.0-50.56` affected `5.4 kernel - < 5.4.0-72.80`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

References

https://www.openwall.com/lists/oss-security/2021/04/16/2

x_refsource_MISC

https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal/commit/?id=8fee52ab9da87d82bc6de9ebb3480fff9b4d53e6

x_refsource_MISC

https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal/commit/?id=25c891a949bf918b59cbc6e4932015ba4c35c333

x_refsource_MISC

https://ubuntu.com/security/notices/USN-4917-1

x_refsource_MISC

https://www.zerodayinitiative.com/advisories/ZDI-21-422/

x_refsource_MISC

http://packetstormsecurity.com/files/162614/Kernel-Live-Patch-Security-Notice-LSN-0077-1.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.