CVE-2021-4197

NameCVE-2021-4197
DescriptionAn unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-5127-1
NVD severityhigh

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)stretch4.9.228-1vulnerable
stretch (security)4.9.303-1vulnerable
buster4.19.235-1vulnerable
buster (security)4.19.232-1vulnerable
bullseye5.10.106-1vulnerable
bullseye (security)5.10.113-1fixed
bookworm5.17.3-1fixed
sid5.17.6-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linuxsourcebullseye5.10.113-1DSA-5127-1
linuxsource(unstable)5.15.15-1

Notes

https://lore.kernel.org/lkml/20211209214707.805617-1-tj@kernel.org/T/
https://bugzilla.redhat.com/show_bug.cgi?id=2035652

Search for package or bug name: Reporting problems