CVE-2021-4002

A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data.

Published: Mar 3, 2022
Updated: Apr 14, 2023
CVE: CVE-2021-4002
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.4
AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 3.6
AV:L/AC:L/Au:N/C:P/I:P/A:N

CWEs:

CWE-401

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	5.16-rc2	5.16-rc2.x
linux / linux_kernel	5.16-rc1	5.16-rc1.x
linux / linux_kernel	5.16	5.16.x
linux / linux_kernel	-	5.16
debian / debian_linux	9.0	9.0.x
debian / debian_linux	10.0	10.0.x
fedoraproject / fedora	35	35.x
oracle / communications_cloud_native_core_binding_support_function	22.1.3	22.1.3.x
oracle / communications_cloud_native_core_policy	22.2.0	22.2.0.x
oracle / communications_cloud_native_core_network_exposure_function	22.1.1	22.1.1.x

Vulnerability Database

289,599

CVE-2021-4002