Unrated severityNVD Advisory· Published Feb 23, 2021· Updated Aug 3, 2024
CVE-2021-20194
CVE-2021-20194
Description
There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). As result of BPF execution, the local user can trigger bug in __cgroup_bpf_run_filter_getsockopt() function that can lead to heap overflow (because of non-hardened usercopy). The impact of attack could be deny of service or possibly privileges escalation.
Affected products
61- Linux/linux kerneldescription
- osv-coords60 versionspkg:apk/chainguard/hyperv-daemonspkg:apk/chainguard/hyperv-daemons-6.18pkg:apk/chainguard/hyperv-daemons-genericpkg:apk/chainguard/linuxpkg:apk/chainguard/linux-aws-6.12pkg:apk/chainguard/linux-aws-6.12-boot-installedpkg:apk/chainguard/linux-aws-6.12-fips-boot-installedpkg:apk/chainguard/linux-aws-6.12-headerspkg:apk/chainguard/linux-aws-6.12-modulespkg:apk/chainguard/linux-aws-6.18pkg:apk/chainguard/linux-aws-6.18-boot-installedpkg:apk/chainguard/linux-aws-6.18-fips-boot-installedpkg:apk/chainguard/linux-aws-6.18-headerspkg:apk/chainguard/linux-aws-6.18-modulespkg:apk/chainguard/linux-aws-genericpkg:apk/chainguard/linux-aws-generic-boot-configurationpkg:apk/chainguard/linux-aws-generic-boot-installedpkg:apk/chainguard/linux-aws-generic-fips-boot-installedpkg:apk/chainguard/linux-aws-generic-headerspkg:apk/chainguard/linux-aws-generic-modulespkg:apk/chainguard/linux-azure-6.12pkg:apk/chainguard/linux-azure-6.18pkg:apk/chainguard/linux-azure-6.18-boot-installedpkg:apk/chainguard/linux-azure-6.18-fips-boot-installedpkg:apk/chainguard/linux-azure-6.18-headerspkg:apk/chainguard/linux-azure-6.18-modulespkg:apk/chainguard/linux-azure-genericpkg:apk/chainguard/linux-azure-generic-boot-configurationpkg:apk/chainguard/linux-azure-generic-boot-installedpkg:apk/chainguard/linux-azure-generic-fips-boot-installedpkg:apk/chainguard/linux-azure-generic-headerspkg:apk/chainguard/linux-azure-generic-modulespkg:apk/chainguard/linux-boot-configurationpkg:apk/chainguard/linux-boot-installedpkg:apk/chainguard/linux-gcp-6.12pkg:apk/chainguard/linux-gcp-6.18pkg:apk/chainguard/linux-gcp-6.18-boot-installedpkg:apk/chainguard/linux-gcp-6.18-fips-boot-installedpkg:apk/chainguard/linux-gcp-6.18-headerspkg:apk/chainguard/linux-gcp-6.18-modulespkg:apk/chainguard/linux-gcp-genericpkg:apk/chainguard/linux-gcp-generic-boot-installedpkg:apk/chainguard/linux-gcp-generic-fips-boot-installedpkg:apk/chainguard/linux-gcp-generic-headerspkg:apk/chainguard/linux-gcp-generic-modulespkg:apk/chainguard/linux-modulespkg:apk/chainguard/linux-qemu-6.12pkg:apk/chainguard/linux-qemu-6.18pkg:apk/chainguard/linux-qemu-genericpkg:apk/chainguard/linux-qemu-generic-bootc-boot-installedpkg:apk/chainguard/linux-qemu-melangepkg:apk/chainguard/linux-qemu-rcpkg:apk/chainguard/linux-qemu-rc-boot-installedpkg:apk/chainguard/linux-qemu-rc-fips-boot-installedpkg:apk/chainguard/linux-qemu-rc-headerspkg:apk/chainguard/linux-qemu-rc-modulespkg:apk/chainguard/linux-vmware-6.12pkg:apk/chainguard/linux-vmware-6.18pkg:apk/chainguard/linux-vmware-genericpkg:rpm/almalinux/kernel-tools-libs-devel
< 0+ 59 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 6.18.5-r0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 4.18.0-348.el8
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- bugzilla.redhat.com/show_bug.cgimitrex_refsource_MISC
- security.netapp.com/advisory/ntap-20210326-0003/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.