Home

CVE-2021-4154

Description

A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernels cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system.

Risk Information

Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.838

Associated Vulnerability

VulnerabilityOS Platform
(RHSA-2022:0825) kernel security, bug fix, and enhancement update kernel-abi-stablelists-4.18.0-348.20.1.el8_5.noarch.rpmLinux
(RHSA-2022:0825) kernel security, bug fix, and enhancement update kernel-cross-headers-4.18.0-348.20.1.el8_5.x86_64.rpmLinux
(RHSA-2022:0825) kernel security, bug fix, and enhancement update kernel-debug-4.18.0-348.20.1.el8_5.x86_64.rpmLinux
(RHSA-2022:0825) kernel security, bug fix, and enhancement update kernel-debug-core-4.18.0-348.20.1.el8_5.x86_64.rpmLinux
(RHSA-2022:0825) kernel security, bug fix, and enhancement update kernel-debug-modules-4.18.0-348.20.1.el8_5.x86_64.rpmLinux
(RHSA-2022:0825) kernel security, bug fix, and enhancement update kernel-debug-modules-extra-4.18.0-348.20.1.el8_5.x86_64.rpmLinux
(RHSA-2022:0825) kernel security, bug fix, and enhancement update kernel-doc-4.18.0-348.20.1.el8_5.noarch.rpmLinux
(RHSA-2022:0825) kernel security, bug fix, and enhancement update kernel-modules-extra-4.18.0-348.20.1.el8_5.x86_64.rpmLinux
(RHSA-2022:0849) kpatch-patch security update kpatch-patch-4_18_0-348-1-3.el8.x86_64.rpmLinux
(RHSA-2022:0849) kpatch-patch security update kpatch-patch-4_18_0-348-debugsource-1-3.el8.x86_64.rpmLinux
(RHSA-2022:0849) kpatch-patch security update kpatch-patch-4_18_0-348_12_2-1-1.el8_5.x86_64.rpmLinux
(RHSA-2022:0849) kpatch-patch security update kpatch-patch-4_18_0-348_12_2-debugsource-1-1.el8_5.x86_64.rpmLinux
(RHSA-2022:0849) kpatch-patch security update kpatch-patch-4_18_0-348_2_1-1-2.el8_5.x86_64.rpmLinux
(RHSA-2022:0849) kpatch-patch security update kpatch-patch-4_18_0-348_2_1-debugsource-1-2.el8_5.x86_64.rpmLinux
(RHSA-2022:0849) kpatch-patch security update kpatch-patch-4_18_0-348_7_1-1-2.el8_5.x86_64.rpmLinux
(RHSA-2022:0849) kpatch-patch security update kpatch-patch-4_18_0-348_7_1-debugsource-1-2.el8_5.x86_64.rpmLinux
Bpftool update (ELSA-2022-0825) bpftool-4.18.0-348.20.1.el8_5.x86_64.rpmLinux
Kernel update (ELSA-2022-0825) kernel-4.18.0-348.20.1.el8_5.x86_64.rpmLinux
Kernel-abi-stablelists update (ELSA-2022-0825) kernel-abi-stablelists-4.18.0-348.20.1.el8_5.noarch.rpmLinux
Kernel-core update (ELSA-2022-0825) kernel-core-4.18.0-348.20.1.el8_5.x86_64.rpmLinux
Kernel-cross-headers update (ELSA-2022-0825) kernel-cross-headers-4.18.0-348.20.1.el8_5.x86_64.rpmLinux
Kernel-debug update (ELSA-2022-0825) kernel-debug-4.18.0-348.20.1.el8_5.x86_64.rpmLinux
Kernel-debug-core update (ELSA-2022-0825) kernel-debug-core-4.18.0-348.20.1.el8_5.x86_64.rpmLinux
Kernel-debug-devel update (ELSA-2022-0825) kernel-debug-devel-4.18.0-348.20.1.el8_5.x86_64.rpmLinux
Kernel-debug-modules update (ELSA-2022-0825) kernel-debug-modules-4.18.0-348.20.1.el8_5.x86_64.rpmLinux
Kernel-debug-modules-extra update (ELSA-2022-0825) kernel-debug-modules-extra-4.18.0-348.20.1.el8_5.x86_64.rpmLinux
Kernel-devel update (ELSA-2022-0825) kernel-devel-4.18.0-348.20.1.el8_5.x86_64.rpmLinux
Kernel-doc update (ELSA-2022-0825) kernel-doc-4.18.0-348.20.1.el8_5.noarch.rpmLinux
Kernel-headers update (ELSA-2022-0825) kernel-headers-4.18.0-348.20.1.el8_5.x86_64.rpmLinux
Kernel-modules update (ELSA-2022-0825) kernel-modules-4.18.0-348.20.1.el8_5.x86_64.rpmLinux
Kernel-modules-extra update (ELSA-2022-0825) kernel-modules-extra-4.18.0-348.20.1.el8_5.x86_64.rpmLinux
Kernel-tools update (ELSA-2022-0825) kernel-tools-4.18.0-348.20.1.el8_5.x86_64.rpmLinux
Kernel-tools-libs update (ELSA-2022-0825) kernel-tools-libs-4.18.0-348.20.1.el8_5.x86_64.rpmLinux
Kernel-tools-libs-devel update (ELSA-2022-0825) kernel-tools-libs-devel-4.18.0-348.20.1.el8_5.x86_64.rpmLinux
Perf update (ELSA-2022-0825) perf-4.18.0-348.20.1.el8_5.x86_64.rpmLinux
Python3-perf update (ELSA-2022-0825) python3-perf-4.18.0-348.20.1.el8_5.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234