CVE-2021-4204

Description

An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to an Improper Input Validation. This flaw allows a local attacker with a special privilege to crash the system or leak internal information.

CVSS Metrics

• v3.1•HIGH•Score: 7.1CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

EPSS Trends

Current EPSS score: 0.77%• Percentile: 74%

Techniques & Countermeasures

• CWE-119•Improper Restriction of Operations within the Bounds of a Memory Buffer

  The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

• CWE-20•Improper Input Validation

  The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Affected Systems

• debian•debian_linux

  11.0

• linux•linux_kernel

  < 5.8.0 | 5.8.0

• netapp•h300s_firmware

  na

• netapp•h410c_firmware

  na

• netapp•h410s_firmware

  na

• netapp•h500s_firmware

  na

• netapp•h700s_firmware

  na

• redhat•enterprise_linux

  9.0

References (5)

• https://bugzilla.redhat.com/show_bug.cgi?id=2039178
• https://access.redhat.com/security/cve/CVE-2021-4204
• https://www.openwall.com/lists/oss-security/2022/01/11/4
• https://security-tracker.debian.org/tracker/CVE-2021-4204
• https://security.netapp.com/advisory/ntap-20221228-0003/