#VU67913 Memory leak in Linux kernel


Published: 2022-10-05

Vulnerability identifier: #VU67913

Vulnerability risk: Low

CVSSv3.1: 3.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-4159

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description
The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due memory leak in Linux kernel EBPF verifier when handling internal data structures. A local user with permissions to insert eBPF code to the kernel can force the kernel to leak internal kernel memory details and bypass mitigations, related to exploitation protection.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://access.redhat.com/security/cve/CVE-2021-4159
http://bugzilla.redhat.com/show_bug.cgi?id=2036024
http://security-tracker.debian.org/tracker/CVE-2021-4159
http://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=294f2fc6da27620a506e6c050241655459ccd6bd
http://lists.debian.org/debian-lts-announce/2022/10/msg00000.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Ubuntu update for linux
Ubuntu update for linux-azure-fde
Ubuntu update for linux-aws-5.4
Ubuntu update for linux-gcp
Ubuntu update for linux
Amazon Linux AMI update for kernel
Information disclosure in Linux kernel eBPF
openEuler update for kernel