CVE-2021-4203
Updated: 2022-06-22 14:28:34.472077
Description:
A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c in the Linux kernel, due to an SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()). With this flaw, an attacker with user privileges may crash the system or leak internal kernel information.
Links | NIST | CIRCL | RHEL | Ubuntu |
Severity
CVSS version | Severity | Score |
---|---|---|
CVSS Version 2.x | MEDIUM | 4.9 |
CVSS Version 3.x | MEDIUM | 6.8 |
Status
OS name | Project name | Version | Status | Errata | Last updated |
---|---|---|---|---|---|
CentOS 6 ELS | kernel | 2.6.32 | Ignored | | 2022-06-26 11:38:50.49581 |
CentOS 8.4 ELS | kernel | 4.18.0-305.25.1 | Needs triage | | 2022-05-11 02:25:00.866828 |
CentOS 8.5 ELS | kernel | 4.18.0-348.7.1 | Needs triage | | 2022-05-11 02:25:08.467504 |
CloudLinux 6 ELS | kernel | 2.6.32 | Ignored | | 2022-06-26 11:38:50.454386 |
Oracle Linux 6 ELS | kernel | 2.6.32 | Needs triage | | 2022-06-28 14:39:22.687071 |
Ubuntu 16.04 ELS | linux | 4.4.0 | Ignored | | 2022-06-26 11:38:50.601797 |
Statement
Will not fix: low score