Unrated severityNVD Advisory· Published Aug 24, 2022· Updated Aug 3, 2024
CVE-2021-4159
CVE-2021-4159
Description
A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
16- osv-coords14 versionspkg:rpm/opensuse/kernel-azure&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/kernel-source-azure&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/kernel-syms-azure&distro=openSUSE%20Leap%2015.3pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP3pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP3pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP3pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/kgraft-patch-SLE12-SP5_Update_69&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5
< 5.3.18-150300.38.40.4+ 13 more
- (no CPE)range: < 5.3.18-150300.38.40.4
- (no CPE)range: < 5.3.18-150300.38.40.4
- (no CPE)range: < 5.3.18-150300.38.40.1
- (no CPE)range: < 5.3.18-150300.38.40.4
- (no CPE)range: < 4.12.14-122.261.1
- (no CPE)range: < 4.12.14-122.261.1
- (no CPE)range: < 4.12.14-122.261.1
- (no CPE)range: < 5.3.18-150300.38.40.4
- (no CPE)range: < 4.12.14-122.261.1
- (no CPE)range: < 4.12.14-122.261.1
- (no CPE)range: < 5.3.18-150300.38.40.1
- (no CPE)range: < 4.12.14-122.261.1
- (no CPE)range: < 4.12.14-122.261.1
- (no CPE)range: < 1-8.3.1
Patches
Vulnerability mechanics
References
5- access.redhat.com/security/cve/CVE-2021-4159mitrex_refsource_MISC
- bugzilla.redhat.com/show_bug.cgimitrex_refsource_MISC
- git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/mitrex_refsource_MISC
- lists.debian.org/debian-lts-announce/2022/10/msg00000.htmlmitremailing-listx_refsource_MLIST
- security-tracker.debian.org/tracker/CVE-2021-4159mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.