CVE-2021-4154

A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system.

Published: Feb 5, 2022
Updated: Apr 14, 2023
CVE: CVE-2021-4154
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-416

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	5.14-rc1	5.14-rc1.x
linux / linux_kernel	5.1	5.4.134
linux / linux_kernel	5.5	5.10.52
linux / linux_kernel	5.11	5.12.19
linux / linux_kernel	5.13	5.13.4
redhat / virtualization	4.0	4.0.x
redhat / enterprise_linux	8.0	8.0.x
netapp / hci_baseboard_management_controller	h300s	h300s.x
netapp / hci_baseboard_management_controller	h500s	h500s.x
netapp / hci_baseboard_management_controller	h700s	h700s.x
netapp / hci_baseboard_management_controller	h300e	h300e.x
netapp / hci_baseboard_management_controller	h500e	h500e.x
netapp / hci_baseboard_management_controller	h700e	h700e.x
netapp / hci_baseboard_management_controller	h410s	h410s.x

Vulnerability Database

289,599

CVE-2021-4154