CVE-2021-4135 - OpenCVE

A memory leak vulnerability was found in the Linux kernel's eBPF for the Simulated networking device driver in the way user uses BPF for the device such that function nsim_map_alloc_elem being called. A local user could use this flaw to get unauthorized access to some data.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:5.16:-::::::
	cpe:2.3:o:linux:linux_kernel:5.16:rc1::::::
	cpe:2.3:o:linux:linux_kernel:5.16:rc2::::::
	cpe:2.3:o:linux:linux_kernel:5.16:rc3::::::
	cpe:2.3:o:linux:linux_kernel:5.16:rc4::::::
	cpe:2.3:o:linux:linux_kernel:5.16:rc5::::::

No data.

References

Link	Providers
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=481221775d53
https://nvd.nist.gov/vuln/detail/CVE-2021-4135
https://www.cve.org/CVERecord?id=CVE-2021-4135

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2022-07-14T19:30:19

Updated: 2024-08-03T17:16:04.239Z

Reserved: 2021-12-18T00:00:00

Link: CVE-2021-4135

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-07-14T20:15:08.360

Modified: 2022-07-20T14:05:53.787

Link: CVE-2021-4135

Redhat

Severity : Moderate

Publid Date: 2021-12-15T17:00:00Z

Links: CVE-2021-4135 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "kernel", "vendor": "n/a", "versions": [{"status": "affected", "version": "Linux kernel versions prior to 5.16-rc6"}]}], "descriptions": [{"lang": "en", "value": "A memory leak vulnerability was found in the Linux kernel's eBPF for the Simulated networking device driver in the way user uses BPF for the device such that function nsim_map_alloc_elem being called. A local user could use this flaw to get unauthorized access to some data."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-07-14T19:30:19", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=481221775d53"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2021-4135", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "kernel", "version": {"version_data": [{"version_value": "Linux kernel versions prior to 5.16-rc6"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A memory leak vulnerability was found in the Linux kernel's eBPF for the Simulated networking device driver in the way user uses BPF for the device such that function nsim_map_alloc_elem being called. A local user could use this flaw to get unauthorized access to some data."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-200"}]}]}, "references": {"reference_data": [{"name": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=481221775d53", "refsource": "MISC", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=481221775d53"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:16:04.239Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=481221775d53"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-4135", "datePublished": "2022-07-14T19:30:19", "dateReserved": "2021-12-18T00:00:00", "dateUpdated": "2024-08-03T17:16:04.239Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D692A2AE-8E9E-46AE-8670-7E1284317A25", "versionEndExcluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.16:-:*:*:*:*:*:*", "matchCriteriaId": "FF588A58-013F-4DBF-A3AB-70EC054B1892", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.16:rc1:*:*:*:*:*:*", "matchCriteriaId": "357AA433-37E8-4323-BFB2-3038D6E4B414", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.16:rc2:*:*:*:*:*:*", "matchCriteriaId": "A73429BA-C2D9-4D0C-A75F-06A1CA8B3983", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.16:rc3:*:*:*:*:*:*", "matchCriteriaId": "F621B5E3-E99D-49E7-90B9-EC3B77C95383", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.16:rc4:*:*:*:*:*:*", "matchCriteriaId": "F7BFDCAA-1650-49AA-8462-407DD593F94F", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.16:rc5:*:*:*:*:*:*", "matchCriteriaId": "6EC9882F-866D-4ACB-8FBC-213D8D8436C8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A memory leak vulnerability was found in the Linux kernel's eBPF for the Simulated networking device driver in the way user uses BPF for the device such that function nsim_map_alloc_elem being called. A local user could use this flaw to get unauthorized access to some data."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad de p\u00e9rdida de memoria en el eBPF del kernel de Linux para el controlador del dispositivo de red simulado en la forma en que el usuario usa el BPF para el dispositivo, de manera que es llamado a la funci\u00f3n nsim_map_alloc_elem. Un usuario local podr\u00eda usa este fallo para conseguir acceso no autorizado a algunos datos"}], "id": "CVE-2021-4135", "lastModified": "2022-07-20T14:05:53.787", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-07-14T20:15:08.360", "references": [{"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=481221775d53"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank elijahbai, huntazhang, and jitxie for reporting this issue.", "bugzilla": {"description": "kernel: Heap information leak in map_lookup_elem function", "id": "2026786", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2026786"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.7", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "status": "draft"}, "cwe": "CWE-401", "details": ["A memory leak vulnerability was found in the Linux kernel's eBPF for the Simulated networking device driver in the way user uses BPF for the device such that function nsim_map_alloc_elem being called. A local user could use this flaw to get unauthorized access to some data.", "A flaw memory leak in the Linux kernel's eBPF for the Simulated networking device driver in the way user uses BPF for the device such that function nsim_map_alloc_elem being called. A local user could use this flaw to get unauthorized access to some data."], "mitigation": {"lang": "en:us", "value": "The default Red Hat Enterprise Linux kernel prevents unprivileged users from being able to use eBPF by the kernel.unprivileged_bpf_disabled sysctl. This would require a privileged user with CAP_SYS_ADMIN or root to be able to abuse this flaw reducing its attack space.\nFor the Red Hat Enterprise Linux 7 the eBPF for unprivileged users is always disabled.\nFor the Red Hat Enterprise Linux 8 to confirm the current state, inspect the sysctl with the command:\n```\n# cat /proc/sys/kernel/unprivileged_bpf_disabled\n```\nThe setting of 1 would mean that unprivileged users can not use eBPF, mitigating the flaw.\nA kernel update will be required to mitigate the flaw for the root or users with CAP_SYS_ADMIN capabilities."}, "name": "CVE-2021-4135", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-alt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2021-12-15T17:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-4135\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-4135\nhttps://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=481221775d53"], "threat_severity": "Moderate", "upstream_fix": "Linux kernel 5.16-rc6"}