Vulnerability Details : CVE-2021-20194

There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). As result of BPF execution, the local user can trigger bug in __cgroup_bpf_run_filter_getsockopt() function that can lead to heap overflow (because of non-hardened usercopy). The impact of attack could be deny of service or possibly privileges escalation.

Vulnerability category: Memory CorruptionInput validation

Published 2021-02-23 23:15:13

Updated 2023-02-12 22:15:17

Source Red Hat, Inc.

View at NVD, CVE.org

Threat overview for CVE-2021-20194

Top countries where our scanners detected CVE-2021-20194

Top open port discovered on systems with this issue 53

IPs affected by CVE-2021-20194 60,029

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2021-20194!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2021-20194

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2021-20194

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
4.6	MEDIUM	AV:L/AC:L/Au:N/C:P/I:P/A:P	3.9	6.4	nvd@nist.gov
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	nvd@nist.gov
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2021-20194

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: secalert@redhat.com (Primary)
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Secondary)

References for CVE-2021-20194

https://security.netapp.com/advisory/ntap-20210326-0003/

CVE-2021-20194 Linux Kernel Vulnerability in NetApp Products | NetApp Product Security
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1912683

1912683 – (CVE-2021-20194) CVE-2021-20194 kernel: heap overflow in __cgroup_bpf_run_filter_getsockopt()
Issue Tracking;Patch;Third Party Advisory

Products affected by CVE-2021-20194

Redhat » Enterprise Linux » Version: 8.0
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Matching versions
Redhat » Openshift Container Platform » Version: 4.4
cpe:2.3:a:redhat:openshift_container_platform:4.4:*:*:*:*:*:*:*
Matching versions
Redhat » Openshift Container Platform » Version: 4.5
cpe:2.3:a:redhat:openshift_container_platform:4.5:*:*:*:*:*:*:*
Matching versions
Redhat » Openshift Container Platform » Version: 4.6
cpe:2.3:a:redhat:openshift_container_platform:4.6:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions after (>) 5.2
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions