CVE-2021-4197

Description

An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system.

CVSS Metrics

• v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
• v2.0•HIGH•Score: 7.2AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS Trends

Current EPSS score: 0.02%• Percentile: 4%

Techniques & Countermeasures

• CWE-287•Improper Authentication

  When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Systems

• broadcom•brocade_fabric_operating_system

  na

• debian•debian_linux

  10.0

• linux•linux_kernel

  ≥ 4.2, < 4.14.276 | ≥ 4.15, < 4.19.238 | ≥ 4.20, < 5.4.189 | ≥ 5.5, < 5.10.111 | ≥ 5.11, < 5.15.14

• netapp•h300s_firmware

  na

• netapp•h410c_firmware

  na

• netapp•h410s_firmware

  na

• netapp•h500s_firmware

  na

• netapp•h700s_firmware

  na

• oracle•communications_cloud_native_core_binding_support_function

  22.1.1 | 22.1.3 | 22.2.0

References (6)

• https://bugzilla.redhat.com/show_bug.cgi?id=2035652
• https://lore.kernel.org/lkml/20211209214707.805617-1-tj%40kernel.org/T/
• https://www.debian.org/security/2022/dsa-5127
• https://www.debian.org/security/2022/dsa-5173
• https://www.oracle.com/security-alerts/cpujul2022.html
• https://security.netapp.com/advisory/ntap-20220602-0006/