Main Vulnerability Database SB20220111107

SB20220111107 - Fedora 35 update for kernel

Published: January 11, 2022

Security Bulletin ID SB20220111107

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Security restrictions bypass (CVE-ID: CVE-2021-4197)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to missing permissions checks within the cgroups (control groups) functionality of Linux Kernel when writing into a file descriptor. A local low privileged process can trick a higher privileged parent process into writing arbitrary data into files, which can result in denial of service or privileges escalation.

Remediation

Install update from vendor's website.

References

https://bodhi.fedoraproject.org/updates/FEDORA-2022-ade480f201