Bug 2034514 (CVE-2021-4154) - CVE-2021-4154 kernel: local privilege escalation by exploiting the fsconfig syscall parameter leads to container breakout
Summary: CVE-2021-4154 kernel: local privilege escalation by exploiting the fsconfig s...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2021-4154
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2034605 2034606 2034607 2034608 2034609 2034610 2034611 2034612 2034613 2034614 2034615 2034616 2034617 2034618 2034812 2047630
Blocks: 2034131 2034777
TreeView+ depends on / blocked
 
Reported: 2021-12-21 07:54 UTC by msiddiqu
Modified: 2022-05-11 13:16 UTC (History)
60 users (show)

Fixed In Version: kernel 5.14 rc2
Doc Type: If docs needed, set a value
Doc Text:
A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system.
Clone Of:
Environment:
Last Closed: 2022-05-11 13:16:27 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2022:0238 0 None None None 2022-01-24 14:08:41 UTC
Red Hat Product Errata RHSA-2022:0186 0 None None None 2022-01-19 14:42:31 UTC
Red Hat Product Errata RHSA-2022:0187 0 None None None 2022-01-19 14:18:47 UTC
Red Hat Product Errata RHSA-2022:0231 0 None None None 2022-01-24 09:48:28 UTC
Red Hat Product Errata RHSA-2022:0819 0 None None None 2022-03-10 15:04:16 UTC
Red Hat Product Errata RHSA-2022:0825 0 None None None 2022-03-10 16:15:36 UTC
Red Hat Product Errata RHSA-2022:0841 0 None None None 2022-03-14 09:22:54 UTC
Red Hat Product Errata RHSA-2022:0849 0 None None None 2022-03-14 10:48:32 UTC

Description msiddiqu 2021-12-21 07:54:42 UTC
A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel cgroup v1 parser, where a local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leads to container breakout and a denial of service problem on the system.

Reference:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b0462726e7ef281c35a7a4ae33e93ee2bc9975b

Comment 11 errata-xmlrpc 2022-01-19 14:18:42 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:0187 https://access.redhat.com/errata/RHSA-2022:0187

Comment 12 errata-xmlrpc 2022-01-19 14:42:28 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:0186 https://access.redhat.com/errata/RHSA-2022:0186

Comment 13 errata-xmlrpc 2022-01-24 09:48:23 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:0231 https://access.redhat.com/errata/RHSA-2022:0231

Comment 14 Sandro Bonazzola 2022-01-28 07:23:22 UTC
Created oVirt tracking bug for this issue:

Affects: oVirt Node 4.4 [ bug 2047630 ]

Comment 15 errata-xmlrpc 2022-03-10 15:04:11 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:0819 https://access.redhat.com/errata/RHSA-2022:0819

Comment 16 errata-xmlrpc 2022-03-10 16:15:32 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:0825 https://access.redhat.com/errata/RHSA-2022:0825

Comment 17 errata-xmlrpc 2022-03-14 09:22:49 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 8

Via RHSA-2022:0841 https://access.redhat.com/errata/RHSA-2022:0841

Comment 18 errata-xmlrpc 2022-03-14 10:48:26 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:0849 https://access.redhat.com/errata/RHSA-2022:0849

Comment 21 Product Security DevOps Team 2022-05-11 13:16:22 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-4154


Note You need to log in before you can comment on or make changes to this bug.