DEBIAN-CVE-2021-4002

Advisory lineage Upstream: 1 Downstream: 3

Upstream

CVE-2021-4002

Downstream

DLA-2940-1 DLA-2941-1 DSA-5096-1

Published: 03 Mar 2022, 22:15

Last modified:28 Apr 2026, 20:22

Vulnerability Summary

Overall Risk (default)

low

18/100

CVSS Score

4.4 MEDIUM

3.1 (osv_debian)

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

03 Mar 2022, 22:15

Published

Vulnerability first disclosed

28 Apr 2026, 20:22

Last Modified

Vulnerability information updated

Description

A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data.

CVSS Metrics

v3.1•MEDIUM•Score: 4.4CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Affected Systems

debian•linux
< 5.10.84-1 | < 5.15.5-1 | < 5.15.5-1 | < 5.15.5-1

References (1)

https://security-tracker.debian.org/tracker/CVE-2021-4002