CVE-2021-20194
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
23/02/2021
Last modified:
12/02/2023
Description
There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). As result of BPF execution, the local user can trigger bug in __cgroup_bpf_run_filter_getsockopt() function that can lead to heap overflow (because of non-hardened usercopy). The impact of attack could be deny of service or possibly privileges escalation.
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Base Score 2.0
4.60
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.2 (excluding) | |
| cpe:2.3:a:redhat:openshift_container_platform:4.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:redhat:openshift_container_platform:4.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:redhat:openshift_container_platform:4.6:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page