Extended Lifecycle Support CVE dashboard by TuxCare

CVE-2021-4203

Updated: 2022-06-22 14:28:34.472077

Description:

A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c in the Linux kernel, caused by SO_PEERCRED and SO_PEERGROUPS racing with listen() (and connect()). An attacker with user privileges may crash the system or leak internal kernel information.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | MEDIUM | 4.9 |
| CVSS Version 3.x | MEDIUM | 6.8 |

Status

| OS name | Project name | Version | Status | Errata | Last updated |
|---|---|---|---|---|---|
| CentOS 6 ELS | kernel | 2.6.32 | Ignored | | 2022-06-26 11:38:50.49581 |
| CentOS 8.4 ELS | kernel | 4.18.0-305.25.1 | Needs triage | | 2022-05-11 02:25:00.866828 |
| CentOS 8.5 ELS | kernel | 4.18.0-348.7.1 | Needs triage | | 2022-05-11 02:25:08.467504 |
| CloudLinux 6 ELS | kernel | 2.6.32 | Ignored | | 2022-06-26 11:38:50.454386 |
| Oracle Linux 6 ELS | kernel | 2.6.32 | Needs triage | | 2022-06-28 14:39:22.687071 |
| Ubuntu 16.04 ELS | linux | 4.4.0 | Ignored | | 2022-06-26 11:38:50.601797 |

Statement

Will not fix: low score