Bug 2035652 (CVE-2021-4197) - CVE-2021-4197 kernel: cgroup: Use open-time creds and namespace for migration perm checks
Summary: CVE-2021-4197 kernel: cgroup: Use open-time creds and namespace for migration...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2021-4197
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2035668 Red Hat2035766 Red Hat2035767 Red Hat2035768 Red Hat2075018 Red Hat2075019 Red Hat2075020 Red Hat2075021 Red Hat2075022 Red Hat2075023
Blocks: Embargoed2030983 Red Hat2036691
TreeView+ depends on / blocked
 
Reported: 2021-12-26 13:49 UTC by Alex
Modified: 2023-02-02 12:03 UTC (History)
46 users (show)

Fixed In Version: Linux kernel 5.17-rc1
Doc Type: If docs needed, set a value
Doc Text:
An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system.
Clone Of:
Environment:
Last Closed: 2022-05-11 13:46:30 UTC

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2022:2229 0 None None None 2022-05-12 11:27:05 UTC
Red Hat Product Errata RHBA-2022:4630 0 None None None 2022-05-18 11:46:52 UTC
Red Hat Product Errata RHBA-2022:4693 0 None None None 2022-05-19 05:11:18 UTC
Red Hat Product Errata RHBA-2022:4969 0 None None None 2022-06-08 18:40:27 UTC
Red Hat Product Errata RHBA-2022:5088 0 None None None 2022-06-16 11:23:47 UTC
Red Hat Product Errata RHBA-2022:5744 0 None None None 2022-07-27 17:36:45 UTC
Red Hat Product Errata RHSA-2022:1975 0 None None None 2022-05-10 14:40:43 UTC
Red Hat Product Errata RHSA-2022:1988 0 None None None 2022-05-10 14:46:47 UTC
Red Hat Product Errata RHSA-2022:5626 0 None None None 2022-07-19 21:06:07 UTC
Red Hat Product Errata RHSA-2022:5633 0 None None None 2022-07-19 21:07:48 UTC

Description Alex 2021-12-26 13:49:57 UTC 
In cgroups (control groups) functionality of Linux Kernel found potential security weakness that may allow scenarios where a less privileged process tricks a more privileged one into writing into a fd that it created. This could lead to local escalation of privilege for the containers or other processes that uses cgroups in such a way. User interaction is not needed for exploitation.

Reference and upstream patch:
https://lore.kernel.org/lkml/20211209214707.805617-1-tj@kernel.org/T/
Comment 3 Alex 2021-12-26 16:48:08 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2035668]
Comment 11 errata-xmlrpc 2022-05-10 14:40:39 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:1975 https://access.redhat.com/errata/RHSA-2022:1975
Comment 12 errata-xmlrpc 2022-05-10 14:46:43 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:1988 https://access.redhat.com/errata/RHSA-2022:1988
Comment 13 Product Security DevOps Team 2022-05-11 13:46:25 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-4197
Comment 14 errata-xmlrpc 2022-07-19 21:06:03 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:5626 https://access.redhat.com/errata/RHSA-2022:5626
Comment 15 errata-xmlrpc 2022-07-19 21:07:46 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:5633 https://access.redhat.com/errata/RHSA-2022:5633
Note You need to log in before you can comment on or make changes to this bug.