2026786 – (CVE-2021-4135) CVE-2021-4135 kernel: Heap information leak in map_lookup_elem function

Bug 2026786 (CVE-2021-4135) - CVE-2021-4135 kernel: Heap information leak in map_lookup_elem function

Summary: CVE-2021-4135 kernel: Heap information leak in map_lookup_elem function

Keywords:
Status:	NEW
Alias:	CVE-2021-4135
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2027105 2027106 2027107
Blocks:	2026788 2033830
TreeView+	depends on / blocked

Reported:	2021-11-25 19:53 UTC by Pedro Sampaio
Modified:	2023-09-19 14:13 UTC (History)
CC List:	43 users (show)
Fixed In Version:	Linux kernel 5.16-rc6
Doc Type:	If docs needed, set a value
Doc Text:	A flaw memory leak in the Linux kernel's eBPF for the Simulated networking device driver in the way user uses BPF for the device such that function nsim_map_alloc_elem being called. A local user could use this flaw to get unauthorized access to some data.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Pedro Sampaio 2021-11-25 19:53:38 UTC

A kernel information leak was found in the map_lookup_elem function.

Upstream commit:

https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=481221775d53

Note You need to log in before you can comment on or make changes to this bug.

acaringi
adscvr
airlied
alciregi
allarkin
bhu
blc
chwhite
crwood
dvlasenk
hdegoede
hkrzesin
jarod
jarodwilson
jburrell
jeremy
jfaracco
jforbes
jglisse
jlelli
jonathan
josef
jshortt
jstancek
jwboyer
kcarcia
kernel-maint
kernel-mgr
lgoncalv
linville
lzampier
masami256
mchehab
mlangsdo
nmurray
ptalbert
qzhao
rvrbovsk
scweaver
steved
vkumar
walters
williams