#VU61258 Security restrictions bypass in Linux kernel - CVE-2021-4197


Vulnerability identifier: #VU61258

Vulnerability risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-4197

CWE-ID: CWE-264

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to missing permissions checks within the cgroups (control groups) functionality of Linux Kernel when writing into a file descriptor. A local low privileged process can trick a higher privileged parent process into writing arbitrary data into files, which can result in denial of service or privileges escalation.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Linux kernel: before 5.17, 5.17

External links
https://bugzilla.redhat.com/show_bug.cgi?id=2035652

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in IBM Spectrum Protect Plus
Multiple vulnerabilities in IBM Cloud Object Storage Systems
Multiple vulnerabilities in IBM Elastic Storage System
Multiple vulnerabilities in OpenShift Container Platform 4.7
Multiple vulnerabilities in OpenShift Container Platform 4.9
Multiple vulnerabilities in OpenShift Container Platform 4.10
Ubuntu update for linux-azure
Red Hat Enterprise Linux 8.4 Extended Update Support update for kernel
Red Hat Enterprise Linux 8.4 Extended Update Support update for kernel-rt
Ubuntu update for linux-aws