CVE-2021-4028

A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to setup a socket to listen on a high port allowing for a list element to be used after free. Given the ability to execute code, a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2021-4028	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2027201	Issue Tracking Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1193167#c0	Issue Tracking Patch Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bc0bdc5afaa74	Mailing List Patch Vendor Advisory
https://lkml.org/lkml/2021/10/4/697	Mailing List Patch Vendor Advisory
https://security.netapp.com/advisory/ntap-20221228-0002/	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Configuration 2 (hide)

OR	cpe:2.3:o:suse:linux_enterprise:15.0:sp3::::::
	cpe:2.3:o:suse:linux_enterprise:15.0:sp4::::::

History

No history.

Information

Published : 2022-08-24 16:15

Updated : 2024-02-28 19:29

NVD link : CVE-2021-4028

Mitre link : CVE-2021-4028

CVE.ORG link : CVE-2021-4028

JSON object : View

Products Affected

linux

linux_kernel

suse

linux_enterprise

CWE

CWE-416

Use After Free

{"id": "CVE-2021-4028", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2022-08-24T16:15:09.197", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2021-4028", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2027201", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.suse.com/show_bug.cgi?id=1193167#c0", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bc0bdc5afaa74", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://lkml.org/lkml/2021/10/4/697", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://security.netapp.com/advisory/ntap-20221228-0002/", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-416"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to setup a socket to listen on a high port allowing for a list element to be used after free. Given the ability to execute code, a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system."}, {"lang": "es", "value": "Un fallo en la implementaci\u00f3n del kernel de Linux del c\u00f3digo de escucha del administrador de comunicaciones RDMA permit\u00eda a un atacante con acceso local configurar un socket para que escuchara en un puerto alto, lo que permit\u00eda un uso de memoria previamente liberada de un elemento de la lista. Dada la capacidad de ejecutar c\u00f3digo, un atacante local podr\u00eda aprovechar este uso de memoria previamente liberada para bloquear el sistema o posiblemente escalar privilegios en el sistema."}], "lastModified": "2023-02-10T16:18:15.417", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "247858D3-F7A3-4645-8903-6EDFD43FB0E1", "versionEndExcluding": "5.10.71", "versionStartIncluding": "5.10"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A437B0D-8305-4C72-B691-D26986A126CF", "versionEndExcluding": "5.14.10", "versionStartIncluding": "5.11"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:suse:linux_enterprise:15.0:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4160B6E-BB1D-4476-877E-5D8CA47226DE"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise:15.0:sp4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6A1F863-4D18-45F9-86D5-91ED3B38EB47"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}