Unrated severityNVD Advisory· Published Aug 24, 2022· Updated Aug 3, 2024
CVE-2021-4159
CVE-2021-4159
Description
A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel.
Affected products
15- Linux/Linux kerneldescription
- osv-coords14 versionspkg:rpm/opensuse/kernel-azure&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/kernel-source-azure&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/kernel-syms-azure&distro=openSUSE%20Leap%2015.3pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP3pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP3pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP3pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/kgraft-patch-SLE12-SP5_Update_69&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5
< 5.3.18-150300.38.40.4+ 13 more
- (no CPE)range: < 5.3.18-150300.38.40.4
- (no CPE)range: < 5.3.18-150300.38.40.4
- (no CPE)range: < 5.3.18-150300.38.40.1
- (no CPE)range: < 5.3.18-150300.38.40.4
- (no CPE)range: < 4.12.14-122.261.1
- (no CPE)range: < 4.12.14-122.261.1
- (no CPE)range: < 4.12.14-122.261.1
- (no CPE)range: < 5.3.18-150300.38.40.4
- (no CPE)range: < 4.12.14-122.261.1
- (no CPE)range: < 4.12.14-122.261.1
- (no CPE)range: < 5.3.18-150300.38.40.1
- (no CPE)range: < 4.12.14-122.261.1
- (no CPE)range: < 4.12.14-122.261.1
- (no CPE)range: < 1-8.3.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- access.redhat.com/security/cve/CVE-2021-4159mitrex_refsource_MISC
- bugzilla.redhat.com/show_bug.cgimitrex_refsource_MISC
- git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/mitrex_refsource_MISC
- lists.debian.org/debian-lts-announce/2022/10/msg00000.htmlmitremailing-listx_refsource_MLIST
- security-tracker.debian.org/tracker/CVE-2021-4159mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.