{"containers": {"cna": {"affected": [{"product": "Linux kernel", "vendor": "Ubuntu", "versions": [{"lessThan": "5.8.0-50.56", "status": "affected", "version": "5.8 kernel", "versionType": "custom"}, {"lessThan": "5.4.0-72.80", "status": "affected", "version": "5.4 kernel", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Vincent Dehors of Synactiv Digital Security"}], "datePublic": "2021-04-15T00:00:00", "descriptions": [{"lang": "en", "value": "Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (kernel memory exhaustion) or gain privileges via executing arbitrary code. AKA ZDI-CAN-13562."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-415", "description": "CWE-415: Double Free", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-401", "description": "CWE-401: Missing Release of Memory after Effective Lifetime", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-05-18T17:06:14", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.openwall.com/lists/oss-security/2021/04/16/2"}, {"tags": ["x_refsource_MISC"], "url": "https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal/commit/?id=8fee52ab9da87d82bc6de9ebb3480fff9b4d53e6"}, {"tags": ["x_refsource_MISC"], "url": "https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal/commit/?id=25c891a949bf918b59cbc6e4932015ba4c35c333"}, {"tags": ["x_refsource_MISC"], "url": "https://ubuntu.com/security/notices/USN-4917-1"}, {"tags": ["x_refsource_MISC"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-422/"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/162614/Kernel-Live-Patch-Security-Notice-LSN-0077-1.html"}], "source": {"discovery": "EXTERNAL"}, "title": "Ubuntu linux kernel shiftfs file system double free vulnerability", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@ubuntu.com", "DATE_PUBLIC": "2021-04-15T00:00:00.000Z", "ID": "CVE-2021-3492", "STATE": "PUBLIC", "TITLE": "Ubuntu linux kernel shiftfs file system double free vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Linux kernel", "version": {"version_data": [{"version_affected": "<", "version_name": "5.8 kernel", "version_value": "5.8.0-50.56"}, {"version_affected": "<", "version_name": "5.4 kernel", "version_value": "5.4.0-72.80"}]}}]}, "vendor_name": "Ubuntu"}]}}, "credit": [{"lang": "eng", "value": "Vincent Dehors of Synactiv Digital Security"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (kernel memory exhaustion) or gain privileges via executing arbitrary code. AKA ZDI-CAN-13562."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-415: Double Free"}]}, {"description": [{"lang": "eng", "value": "CWE-401: Missing Release of Memory after Effective Lifetime"}]}]}, "references": {"reference_data": [{"name": "https://www.openwall.com/lists/oss-security/2021/04/16/2", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2021/04/16/2"}, {"name": "https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal/commit/?id=8fee52ab9da87d82bc6de9ebb3480fff9b4d53e6", "refsource": "MISC", "url": "https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal/commit/?id=8fee52ab9da87d82bc6de9ebb3480fff9b4d53e6"}, {"name": "https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal/commit/?id=25c891a949bf918b59cbc6e4932015ba4c35c333", "refsource": "MISC", "url": "https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal/commit/?id=25c891a949bf918b59cbc6e4932015ba4c35c333"}, {"name": "https://ubuntu.com/security/notices/USN-4917-1", "refsource": "MISC", "url": "https://ubuntu.com/security/notices/USN-4917-1"}, {"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-422/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-422/"}, {"name": "http://packetstormsecurity.com/files/162614/Kernel-Live-Patch-Security-Notice-LSN-0077-1.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/162614/Kernel-Live-Patch-Security-Notice-LSN-0077-1.html"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T16:53:17.692Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.openwall.com/lists/oss-security/2021/04/16/2"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal/commit/?id=8fee52ab9da87d82bc6de9ebb3480fff9b4d53e6"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal/commit/?id=25c891a949bf918b59cbc6e4932015ba4c35c333"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ubuntu.com/security/notices/USN-4917-1"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-422/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/162614/Kernel-Live-Patch-Security-Notice-LSN-0077-1.html"}]}]}, "cveMetadata": {"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2021-3492", "datePublished": "2021-04-17T04:20:16.011472Z", "dateReserved": "2021-04-09T00:00:00", "dateUpdated": "2024-09-17T03:54:52.527Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:lts:*:*:*", "matchCriteriaId": "90A80DE7-3EFA-464C-9D31-C46521FFBFBF", "versionEndExcluding": "18.04", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:lts:*:*:*", "matchCriteriaId": "2027773B-26DA-408E-B71D-40D05690D9EA", "versionEndExcluding": "20.04", "versionStartIncluding": "18.04.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:-:*:*:*", "matchCriteriaId": "ACAB2EE0-EC21-4669-840F-94F6C3028C64", "versionEndExcluding": "20.10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (kernel memory exhaustion) or gain privileges via executing arbitrary code. AKA ZDI-CAN-13562."}, {"lang": "es", "value": "Shiftfs, un sistema de archivos de apilamiento fuera del \u00e1rbol incluido en los kernels de Ubuntu Linux, no manejaba apropiadamente los fallos que ocurr\u00edan durante la funci\u00f3n copy_from_user().&#xa0;Esto podr\u00eda conllevar a una situaci\u00f3n de doble liberaci\u00f3n o a que la memoria no sea liberada del todo.&#xa0;Un atacante podr\u00eda usar esto para causar una denegaci\u00f3n de servicio (agotamiento de la memoria del kernel) u alcanzar privilegios por medio de la ejecuci\u00f3n de c\u00f3digo arbitrario.&#xa0;Tambi\u00e9n se conoce como ZDI-CAN-13562"}], "id": "CVE-2021-3492", "lastModified": "2021-05-21T16:08:32.527", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 6.0, "source": "security@ubuntu.com", "type": "Secondary"}]}, "published": "2021-04-17T05:15:13.113", "references": [{"source": "security@ubuntu.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/162614/Kernel-Live-Patch-Security-Notice-LSN-0077-1.html"}, {"source": "security@ubuntu.com", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "url": "https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal/commit/?id=25c891a949bf918b59cbc6e4932015ba4c35c333"}, {"source": "security@ubuntu.com", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "url": "https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal/commit/?id=8fee52ab9da87d82bc6de9ebb3480fff9b4d53e6"}, {"source": "security@ubuntu.com", "tags": ["Vendor Advisory"], "url": "https://ubuntu.com/security/notices/USN-4917-1"}, {"source": "security@ubuntu.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2021/04/16/2"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-422/"}], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}, {"lang": "en", "value": "CWE-415"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-401"}, {"lang": "en", "value": "CWE-415"}], "source": "security@ubuntu.com", "type": "Secondary"}]}

{"bugzilla": {"description": "kernel: shiftfs file system double free vulnerability", "id": "1950499", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950499"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-400", "details": ["Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (kernel memory exhaustion) or gain privileges via executing arbitrary code. AKA ZDI-CAN-13562.", "A flaw use after free (or use before allocation) in the Linux kernel Shiftfs file-system was found in the way user calls one of the few ioctls.\nThe highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."], "name": "CVE-2021-3492", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-alt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2021-04-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-3492\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3492"], "statement": "Shiftfs has not been accepted in the upstream Linux kernel. It is both non included to the any versions of the Red Hat Enterprise Linux.", "threat_severity": "Moderate"}