PT-2021-7117 · Linux+8 · Linux Kernel+8

Published

2021-09-27

·

Updated

2023-08-14

·

CVE-2021-4203

CVSS v3.1

6.8

Medium

VectorAV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A use-after-free read flaw was found in the sock getsockopt() function in net/core/sock.c due to a race condition with listen() and connect() when using SO PEERCRED and SO PEERGROUPS. This issue may allow an attacker with user privileges to crash the system or leak internal kernel information.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Race Condition

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-362CWE-416

Related Identifiers

ALSA-2022:1988
ALT-PU-2021-3330
ALT-PU-2021-3358
ALT-PU-2021-3563
ALT-PU-2021-3573
ALT-PU-2021-3660
ALT-PU-2022-1155
ALT-PU-2022-1240
ALT-PU-2022-1307
ALT-PU-2022-1419
ALT-PU-2022-1421
ALT-PU-2023-1814
ALT-PU-2023-4894
BDU:2022-03402
CESA-2022_1975
CESA-2022_1988
CVE-2021-4203
DLA-2941-1
DSA-5096-1
OESA-2022-1495
OPENSUSE-SU-2022_3264-1
OPENSUSE-SU-2022_3408-1
OPENSUSE-SU-2022_3609-1
RHSA-2022:1975
RHSA-2022:1988
RHSA-2022:5626
RHSA-2022:5633
RHSA-2022_1975
RHSA-2022_1988
RLSA-2022:1975
RLSA-2022:1988
SUSE-SU-2022:3264-1
SUSE-SU-2022:3265-1
SUSE-SU-2022:3274-1
SUSE-SU-2022:3282-1
SUSE-SU-2022:3291-1
SUSE-SU-2022:3408-1
SUSE-SU-2022:3422-1
SUSE-SU-2022:3450-1
SUSE-SU-2022:3609-1
SUSE-SU-2022:3809-1
SUSE-SU-2023:0634-1
SUSE-SU-2023:0747-1
SUSE-SU-2023:0768-1
SUSE-SU-2023:0852-1
SUSE-SU-2023:1848-1
SUSE-SU-2023:2232-1
SUSE-SU-2023_0747-1
USN-6001-1
USN-6013-1
USN-6014-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linux Kernel
Red Hat
Rocky Linux
Suse
Ubuntu