A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=2025726 | Issue Tracking Third Party Advisory |
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=13e4ad2ce8df6e058ef482a31fdd81c725b0f7ea | Patch Vendor Advisory |
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a4a118f2eead1d6c49e00765de89878288d4b890 | Patch Vendor Advisory |
https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html | Mailing List Third Party Advisory |
https://www.debian.org/security/2022/dsa-5096 | Third Party Advisory |
https://www.openwall.com/lists/oss-security/2021/11/25/1 | Exploit Mailing List Third Party Advisory |
https://www.oracle.com/security-alerts/cpujul2022.html | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
22 Feb 2023, 17:46
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:*:*:*:*:*:*:* |
|
References | (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Third Party Advisory |
25 Jul 2022, 18:18
Type | Values Removed | Values Added |
---|---|---|
References |
|
16 Mar 2022, 16:16
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 3.6
v3 : 4.4 |
References | (MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=13e4ad2ce8df6e058ef482a31fdd81c725b0f7ea - Patch, Vendor Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html - Mailing List, Third Party Advisory | |
References | (DEBIAN) https://www.debian.org/security/2022/dsa-5096 - Third Party Advisory | |
References | (MISC) https://www.openwall.com/lists/oss-security/2021/11/25/1 - Exploit, Mailing List, Third Party Advisory | |
References | (MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a4a118f2eead1d6c49e00765de89878288d4b890 - Patch, Vendor Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html - Mailing List, Third Party Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2025726 - Issue Tracking, Third Party Advisory | |
CPE | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:5.16:rc2:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:5.16:-:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:5.16:rc1:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
|
CWE | CWE-401 |
10 Mar 2022, 17:44
Type | Values Removed | Values Added |
---|---|---|
References |
|
03 Mar 2022, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-03-03 22:15
Updated : 2024-02-04 22:29
NVD link : CVE-2021-4002
Mitre link : CVE-2021-4002
CVE.ORG link : CVE-2021-4002
JSON object : View
Products Affected
oracle
- communications_cloud_native_core_binding_support_function
- communications_cloud_native_core_policy
- communications_cloud_native_core_network_exposure_function
fedoraproject
- fedora
debian
- debian_linux
linux
- linux_kernel