Vulnerability Description
An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 4.2, < 4.14.276 |
| Oracle | Communications Cloud Native Core Binding Support Function | 22.1.1 |
| Debian | Debian Linux | 10.0 |
| Broadcom | Brocade Fabric Operating System Firmware | - |
| Netapp | H300S Firmware | - |
| Netapp | H300S | - |
| Netapp | H500S Firmware | - |
| Netapp | H500S | - |
| Netapp | H700S Firmware | - |
| Netapp | H700S | - |
| Netapp | H410S Firmware | - |
| Netapp | H410S | - |
| Netapp | H410C Firmware | - |
| Netapp | H410C | - |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2035652Issue TrackingThird Party Advisory
- https://lore.kernel.org/lkml/20211209214707.805617-1-tj%40kernel.org/T/
- https://security.netapp.com/advisory/ntap-20220602-0006/Third Party Advisory
- https://www.debian.org/security/2022/dsa-5127Third Party Advisory
- https://www.debian.org/security/2022/dsa-5173Third Party Advisory
- https://www.oracle.com/security-alerts/cpujul2022.htmlThird Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2035652Issue TrackingThird Party Advisory
- https://lore.kernel.org/lkml/20211209214707.805617-1-tj%40kernel.org/T/
- https://security.netapp.com/advisory/ntap-20220602-0006/Third Party Advisory
- https://www.debian.org/security/2022/dsa-5127Third Party Advisory
- https://www.debian.org/security/2022/dsa-5173Third Party Advisory
- https://www.oracle.com/security-alerts/cpujul2022.htmlThird Party Advisory
FAQ
What is CVE-2021-4197?
CVE-2021-4197 is a vulnerability with a CVSS score of 7.8 (HIGH). An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled ...
How severe is CVE-2021-4197?
CVE-2021-4197 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-4197?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Oracle Communications Cloud Native Core Binding Support Function, Debian Debian Linux, Broadcom Brocade Fabric Operating System Firmware, Netapp H300S Firmware.