A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c in the Linux kernel, caused by a race between SO_PEERCRED and SO_PEERGROUPS and listen() (and connect()). An attacker with user privileges may use this flaw to crash the system or leak internal kernel information.
References
Link | Resource |
---|---|
https://bugs.chromium.org/p/project-zero/issues/detail?id=2230&can=7&q=modified-after%3Atoday-30&sort=-modified&colspec=ID%20Type%20Status%20Priority%20Milestone%20Owner%20Summary%20Modified%20Cve&cells=tiles&redir=1 | Exploit Issue Tracking Patch Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2036934 | Issue Tracking Patch Third Party Advisory |
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=35306eb23814 | Patch Vendor Advisory |
https://lore.kernel.org/netdev/20210929225750.2548112-1-eric.dumazet%40gmail.com/T/ | |
https://security.netapp.com/advisory/ntap-20221111-0003/ | Third Party Advisory |
https://www.oracle.com/security-alerts/cpujul2022.html | Patch Third Party Advisory |
History
07 Nov 2023, 03:40
Type | Values Removed | Values Added |
---|---|---|
References | | |
CWE | | |
08 Dec 2022, 22:19
Type | Values Removed | Values Added |
---|---|---|
First Time | Netapp h700s, Netapp h500s, Netapp bootstrap Os, Oracle communications Cloud Native Core Policy, Netapp h410c, Netapp h410s, Netapp hci Compute Node, Oracle communications Cloud Native Core Network Exposure Function, Netapp h300s, Netapp h410s Firmware, Netapp active Iq Unified Manager, Netapp h700s Firmware, Netapp h410c Firmware, Netapp e-series Santricity Os Controller, Netapp a700s, Netapp, Netapp solidfire, Netapp h300s Firmware, Oracle, Netapp hci Management Node, Oracle communications Cloud Native Core Binding Support Function, Netapp h500s Firmware, Netapp element Software, Netapp a700s Firmware | |
References | (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20221111-0003/ - Third Party Advisory | |
CPE | cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:* cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:* cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:*:*:*:*:*:*:* cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:* |
14 Nov 2022, 15:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
25 Jul 2022, 18:18
Type | Values Removed | Values Added |
---|---|---|
References | | |
22 Jun 2022, 15:55
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:a:linux:linux_kernel:5.15:rc1:*:*:*:*:*:* cpe:2.3:a:linux:linux_kernel:5.15:rc3:*:*:*:*:*:* cpe:2.3:a:linux:linux_kernel:5.15:rc2:*:*:*:*:*:* |
cpe:2.3:o:linux:linux_kernel:5.15:-:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:5.15:rc1:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:5.15:rc2:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:5.15:rc3:*:*:*:*:*:* |
07 Apr 2022, 15:10
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-416 CWE-362 | |
First Time | Linux linux Kernel, Linux | |
CVSS | v2 : v3 : | v2 : 4.9, v3 : 6.8 |
CPE | cpe:2.3:a:linux:linux_kernel:5.15:rc2:*:*:*:*:*:* cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:a:linux:linux_kernel:5.15:-:*:*:*:*:*:* cpe:2.3:a:linux:linux_kernel:5.15:rc3:*:*:*:*:*:* cpe:2.3:a:linux:linux_kernel:5.15:rc1:*:*:*:*:*:* | |
References | (MISC) https://bugs.chromium.org/p/project-zero/issues/detail?id=2230&can=7&q=modified-after%3Atoday-30&sort=-modified&colspec=ID%20Type%20Status%20Priority%20Milestone%20Owner%20Summary%20Modified%20Cve&cells=tiles&redir=1 - Exploit, Issue Tracking, Patch, Third Party Advisory | |
References | (MISC) https://lore.kernel.org/netdev/20210929225750.2548112-1-eric.dumazet@gmail.com/T/ - Mailing List, Patch, Vendor Advisory | |
References | (MISC) https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=35306eb23814 - Patch, Vendor Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2036934 - Issue Tracking, Patch, Third Party Advisory |
25 Mar 2022, 19:44
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-03-25 19:15
Updated : 2023-12-10 14:22
NVD link : CVE-2021-4203
Mitre link : CVE-2021-4203
CVE.ORG link : CVE-2021-4203
Products Affected
netapp
- a700s_firmware
- h700s_firmware
- h500s_firmware
- h700s
- element_software
- h410c_firmware
- hci_management_node
- h300s_firmware
- a700s
- bootstrap_os
- h500s
- h410c
- active_iq_unified_manager
- h410s_firmware
- hci_compute_node
- h410s
- h300s
- e-series_santricity_os_controller
- solidfire
linux
- linux_kernel
oracle
- communications_cloud_native_core_policy
- communications_cloud_native_core_network_exposure_function
- communications_cloud_native_core_binding_support_function