CVE-2021-4083

HIGH Year: 2021
CVSS v3 Score
7.0
High
CVSS v2 Score
6.9
Medium
Weakness Type
CWE-416
View all →

Vulnerability Description

A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system. This flaw affects Linux kernel versions prior to 5.16-rc4.

Related Vulnerabilities

CVE-2014-9940

HIGH
CVSS:7.0(High)

The regulator_ena_gpio_free function in drivers/regulator/core.c in the Linux kernel before 3.19 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted appli...

CWE-4162014

CVE-2016-10088

HIGH
CVSS:7.0(High)

The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrar...

CWE-4162016

CVE-2017-10661

HIGH
CVSS:7.0(High)

Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descripto...

CWE-4162017

CVE-2017-17053

HIGH
CVSS:7.0(High)

The init_new_context function in arch/x86/include/asm/mmu_context.h in the Linux kernel before 4.12.10 does not correctly handle errors from LDT table allocation when forking a new process, allowing a...

CWE-4162017

CVE-2017-18153

HIGH
CVSS:7.0(High)

A race condition exists in a driver potentially leading to a use-after-free condition.

CWE-4162017

CVE-2017-18202

HIGH
CVSS:7.0(High)

The __oom_reap_task_mm function in mm/oom_kill.c in the Linux kernel before 4.14.4 mishandles gather operations, which allows attackers to cause a denial of service (TLB entry leak or use-after-free) ...

CWE-4162017