QwikSec

Security Database

CVE

CWE

Training

CVE-2021-4002

Published: Mar 3, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data.

Vendor	Product	Versions
n/a	kernel	affected `affects kernel v3.6 and later through v5.15.5.`

Weaknesses (CWE)

References

https://bugzilla.redhat.com/show_bug.cgi?id=2025726

x_refsource_MISC

https://www.openwall.com/lists/oss-security/2021/11/25/1

x_refsource_MISC

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=13e4ad2ce8df6e058ef482a31fdd81c725b0f7ea

x_refsource_MISC

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a4a118f2eead1d6c49e00765de89878288d4b890

x_refsource_MISC

[debian-lts-announce] 20220309 [SECURITY] [DLA 2940-1] linux security update

mailing-list

x_refsource_MLIST

[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_DEBIAN

https://www.oracle.com/security-alerts/cpujul2022.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.