CVE-2021-20194

CVSS v3.1 7.8 (High)

CVSS v2.0 4.6 (Medium)

EPSS 0.04 % (5^th)

Affected Products 3

Advisories 11

There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). As result of BPF execution, the local user can trigger bug in __cgroup_bpf_run_filter_getsockopt() function that can lead to heap overflow (because of non-hardened usercopy). The impact of attack could be deny of service or possibly privileges escalation.

Weaknesses

CWE-20: Improper Input Validation
CWE-787: Out-of-bounds Write

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2021-02-23 23:15:13
(3 years ago)
Updated Date: 2023-02-12 22:15:16
(19 months ago)

Affected Products

Linux

Linux Kernel

Redhat

Configuration #1

		CPE23	From	Up To
	Linux Kernel above 5.2 version	cpe:2.3:o:linux:linux_kernel	> 5.2

Configuration #2

		CPE23	From	Up To
	Redhat Openshift Container Platform 4.4	cpe:2.3:a:redhat:openshift_container_platform:4.4
	Redhat Openshift Container Platform 4.5	cpe:2.3:a:redhat:openshift_container_platform:4.5
	Redhat Openshift Container Platform 4.6	cpe:2.3:a:redhat:openshift_container_platform:4.6
	Redhat Enterprise Linux 8.0	cpe:2.3:o:redhat:enterprise_linux:8.0