PT-2021-4230 · Linux+7 · Linux Kernel+7

Pedro Sampaio · Published 2020-02-06 · Updated 2022-08-05 · CVE-2021-20239

CVSS v3.1: 3.3 (Low)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 5.4.92

Description

The issue is related to the disclosure of protected information in the Linux kernel, specifically in the BPF protocol. It allows an attacker with a local account to leak information about kernel internal addresses, posing a threat to confidentiality.

Recommendations

For Linux kernel versions prior to 5.4.92, update to version 5.4.92 or later to resolve the issue. As a temporary workaround, consider restricting access to the BPF protocol to minimize the risk of exploitation.

Fix

Information Disclosure

Buffer Overflow

Untrusted Pointer Dereference

Weakness Enumeration

Related Identifiers

ALSA-2021:4356
ALT-PU-2020-1145
ALT-PU-2020-1251
ALT-PU-2020-1421
ALT-PU-2020-1450
ALT-PU-2020-1714
ALT-PU-2020-2164
ALT-PU-2021-1137
ALT-PU-2021-1168
ALT-PU-2021-1211
ALT-PU-2021-1862
ALT-PU-2021-1866
ALT-PU-2021-1870
BDU:2021-04836
CESA-2021_4140
CESA-2021_4356
CVE-2021-20239
RHSA-2021:4140
RHSA-2021:4356
RHSA-2021_4140
RHSA-2021_4356
USN-4878-1
USN-4910-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Ubuntu