Bug 2029923 (CVE-2021-4083)
Summary: | CVE-2021-4083 kernel: fget: check that the fd still exists after getting a ref to it | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Alex <allarkin> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | acaringi, adscvr, airlied, alciregi, asavkov, bdettelb, bhu, brdeoliv, bskeggs, chwhite, crwood, ctoe, dhoward, dvlasenk, fhrbata, fpacheco, hdegoede, hkrzesin, jarod, jarodwilson, jburrell, jeremy, jfaracco, jforbes, jglisse, jlelli, joe.lawrence, jonathan, josef, jpoimboe, jshortt, jstancek, jthierry, jwboyer, kcarcia, kernel-maint, kernel-mgr, kpatch-maint, lgoncalv, linville, lzampier, masami256, mchehab, michal.skrivanek, mperina, nmurray, nobody, ptalbert, qzhao, rhandlin, rvrbovsk, sbonazzo, scweaver, security-response-team, steved, vkumar, walters, williams, ycote |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | kernel 5.16-rc4 | Doc Type: | If docs needed, set a value |
Doc Text: |
A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2022-06-03 17:12:52 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 2030416, 2030417, 2030418, 2032299, 2032300, 2032301, 2032302, 2032303, 2032304, 2032305, 2032306, 2032307, 2032308, 2032474, 2032475, 2032476, 2032477, 2032478, 2032479, 2032480, 2032481, 2032489, 2032490, 2032491, 2032492, 2032493, 2032494, 2032495, 2032496, 2032815, 2032816, 2056596 | ||
Bug Blocks: | 2029320, 2032781 |
Description
Alex
2021-12-07 15:07:54 UTC
Created oVirt tracking bug for this issue: Affects: oVirt Node 4.4 [ #2056596 ] This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:0821 https://access.redhat.com/errata/RHSA-2022:0821 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:0823 https://access.redhat.com/errata/RHSA-2022:0823 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:0820 https://access.redhat.com/errata/RHSA-2022:0820 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:0851 https://access.redhat.com/errata/RHSA-2022:0851 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:0925 https://access.redhat.com/errata/RHSA-2022:0925 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:0958 https://access.redhat.com/errata/RHSA-2022:0958 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Advanced Update Support Via RHSA-2022:1104 https://access.redhat.com/errata/RHSA-2022:1104 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions Via RHSA-2022:1103 https://access.redhat.com/errata/RHSA-2022:1103 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Advanced Update Support Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions Red Hat Enterprise Linux 7.6 Telco Extended Update Support Via RHSA-2022:1107 https://access.redhat.com/errata/RHSA-2022:1107 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:1185 https://access.redhat.com/errata/RHSA-2022:1185 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:1198 https://access.redhat.com/errata/RHSA-2022:1198 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:1199 https://access.redhat.com/errata/RHSA-2022:1199 This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 Via RHSA-2022:1263 https://access.redhat.com/errata/RHSA-2022:1263 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Advanced Update Support Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions Red Hat Enterprise Linux 7.7 Telco Extended Update Support Via RHSA-2022:1324 https://access.redhat.com/errata/RHSA-2022:1324 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions Via RHSA-2022:1373 https://access.redhat.com/errata/RHSA-2022:1373 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:1413 https://access.redhat.com/errata/RHSA-2022:1413 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:1418 https://access.redhat.com/errata/RHSA-2022:1418 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:1455 https://access.redhat.com/errata/RHSA-2022:1455 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:1975 https://access.redhat.com/errata/RHSA-2022:1975 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:1988 https://access.redhat.com/errata/RHSA-2022:1988 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.3 Advanced Update Support Via RHSA-2022:2189 https://access.redhat.com/errata/RHSA-2022:2189 This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Via RHSA-2022:4896 https://access.redhat.com/errata/RHSA-2022:4896 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-4083 |