Home > Vulnerability Database > CVE-2021-4159

Mend.io Vulnerability Database

CVE-2021-4159

Date: August 24, 2022

A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel.

Severity Score

4.4

Related Resources (8)

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2021-4159

Url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=294f2fc6da27620a506e6c050241655459ccd6bd

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2036024

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-4159

Url: https://access.redhat.com/security/cve/CVE-2021-4159

Url: https://security-tracker.debian.org/tracker/CVE-2021-4159

Url: https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html

Url: https://www.mend.io/vulnerability-database/CVE-2021-4159

Severity Score

4.4

Weakness Type (CWE)

Exposure of Sensitive Information Through Data Queries

CWE-202

CVSS v3.1

Base Score:	4.4
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2021-4159

Date: August 24, 2022

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?