CVE-2021-4090
Description
An out-of-bounds (OOB) memory write flaw was found in the NFSD in the Linux kernel. Missing sanity may lead to a write beyond bmval[bmlen-1] in nfsd4_decode_bitmap4 in fs/nfsd/nfs4xdr.c. In this flaw, a local attacker with user privilege may gain access to out-of-bounds memory, leading to a system integrity and confidentiality threat.
Risk Information
Base Score
7.1
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS Score
Exploitation Probability
0.059
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Linux kernel for OEM systems (USN-5217-1) linux-image-oem-20.04d_5.14.0.1018.16_amd64.deb | Linux |
| Linux kernel for OEM systems (USN-5217-1) linux-image-5.14.0-1018-oem_5.14.0-1018.19_amd64.deb | Linux |
| Linux kernel (USN-5265-1) linux-image-aws_5.13.0.1012.13_amd64.deb | Linux |
| Linux kernel (USN-5265-1) linux-image-aws_5.13.0.1015.16~20.04.8_amd64.deb | Linux |
| Linux kernel (USN-5265-1) linux-image-gcp_5.13.0.1013.12_amd64.deb | Linux |
| Linux kernel (USN-5265-1) linux-image-gcp_5.13.0.1015.18~20.04.2_amd64.deb | Linux |
| Linux kernel (USN-5265-1) linux-image-gke_5.13.0.1013.12_amd64.deb | Linux |
| Linux kernel (USN-5265-1) linux-image-kvm_5.13.0.1011.11_amd64.deb | Linux |
| Linux kernel (USN-5265-1) linux-image-oracle_5.13.0.1016.16_amd64.deb | Linux |
| Linux kernel (USN-5265-1) linux-image-oracle_5.13.0.1019.23~20.04.1_amd64.deb | Linux |
| Linux kernel (USN-5265-1) linux-image-generic_5.13.0.28.38_amd64.deb | Linux |
| Linux kernel (USN-5265-1) linux-image-virtual_5.13.0.28.38_amd64.deb | Linux |
| Linux kernel (USN-5265-1) linux-image-oem-20.04_5.13.0.28.38_amd64.deb | Linux |
| Linux kernel (USN-5265-1) linux-image-lowlatency_5.13.0.28.38_amd64.deb | Linux |
| Linux kernel (USN-5265-1) linux-image-oem-20.04c_5.13.0.1029.31_amd64.deb | Linux |
| Linux kernel (USN-5265-1) linux-image-5.11.0-1029-gcp_5.11.0-1029.33~20.04.3_amd64.deb | Linux |
| Linux kernel (USN-5265-1) linux-image-5.13.0-1011-kvm_5.13.0-1011.12_amd64.deb | Linux |
| Linux kernel (USN-5265-1) linux-image-5.13.0-1012-aws_5.13.0-1012.13_amd64.deb | Linux |
| Linux kernel (USN-5265-1) linux-image-5.13.0-1013-gcp_5.13.0-1013.16_amd64.deb | Linux |
| Linux kernel (USN-5265-1) linux-image-5.13.0-1029-oem_5.13.0-1029.36_amd64.deb | Linux |
| Linux kernel (USN-5265-1) linux-image-5.13.0-28-generic_5.13.0-28.31_amd64.deb | Linux |
| Linux kernel (USN-5265-1) linux-image-5.13.0-28-generic_5.13.0-28.31~20.04.1_amd64.deb | Linux |
| Linux kernel (USN-5265-1) linux-image-generic-hwe-20.04_5.13.0.28.31~20.04.15_amd64.deb | Linux |
| Linux kernel (USN-5265-1) linux-image-virtual-hwe-20.04_5.13.0.28.31~20.04.15_amd64.deb | Linux |
| Linux kernel (USN-5265-1) linux-image-5.11.0-1028-oracle_5.11.0-1028.31~20.04.1_amd64.deb | Linux |
| Linux kernel (USN-5265-1) linux-image-5.13.0-1016-oracle_5.13.0-1016.20_amd64.deb | Linux |
| Linux kernel (USN-5265-1) linux-image-5.13.0-28-lowlatency_5.13.0-28.31_amd64.deb | Linux |
| Linux kernel (USN-5265-1) linux-image-5.13.0-28-lowlatency_5.13.0-28.31~20.04.1_amd64.deb | Linux |
| Linux kernel (USN-5265-1) linux-image-lowlatency-hwe-20.04_5.13.0.28.31~20.04.15_amd64.deb | Linux |
| Linux kernel for Intel IOTG (USN-5362-1) linux-image-intel_5.13.0.1010.11_amd64.deb | Linux |
| Linux kernel for Intel IOTG (USN-5362-1) linux-image-5.13.0-1010-intel_5.13.0-1010.10_amd64.deb | Linux |
| Linux kernel (USN-5265-1) linux-image-5.11.0-1028-azure_5.11.0-1028.31~20.04.2_amd64.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234