VDB
CVE-2021-3492
CVE-2021-3492
PUBLISHED
Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (kernel memory exhaustion) or gain privileges via executing arbitrary code. AKA ZDI-CAN-13562.
EPSS 24.44% · 96.2th percentile
Risk Scores
EPSS Score
24.44%
96.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | linux-hwe | 5.3.0-67.61, 0, 4.18.0-13.14~18.04.1 |
| Ubuntu:18.04:LTS | linux-azure-5.3 | 5.3.0-1035.36, 0, * |
| Ubuntu:18.04:LTS | linux-gke-5.3 | 5.3.0-1011.12~18.04.1, *, 5.3.0-1033.35 |
| Ubuntu:Pro:FIPS-updates:20.04:LTS | linux-aws-fips | 0, 5.4.0-1021.21+fips2 |
| Ubuntu:18.04:LTS | linux-gke-5.4 | 0, 5.4.0-1035.37~18.04.1, 5.4.0-1036.38~18.04.1 |
| Ubuntu:22.04:LTS | linux-intel-iot-realtime | 5.15.0-1073.75, 0 |
| Ubuntu:18.04:LTS | linux-azure-5.4 | *, 5.4.0-1031.32~18.04.1, 5.4.0-1026.26~18.04.1 |
| Ubuntu:18.04:LTS | linux-gcp-edge | 0, *, * |
| Ubuntu:20.04:LTS | linux-gke | 5.4.0-1036.38, 5.4.0-1041.43, 5.4.0-1037.39 |
| Ubuntu:20.04:LTS | linux | 0, 5.4.0-54.60, 5.4.0-64.72 |
| Ubuntu:18.04:LTS | linux-oracle-5.4 | 5.4.0-1041.44~18.04.1, 5.4.0-1039.42~18.04.1, 5.4.0-1038.41~18.04.1 |
| Ubuntu:20.04:LTS | linux-gkeop | 5.4.0-1009.10, 0, 5.4.0-1011.12 |
| Ubuntu:18.04:LTS | linux-raspi-5.4 | 5.4.0-1025.28~18.04.1, 5.4.0-1026.29~18.04.1, 5.4.0-1028.31~18.04.1 |
| Ubuntu:20.04:LTS | linux-oem-5.6 | 5.6.0-1050.54, 5.6.0-1021.21, 5.6.0-1028.28 |
| Ubuntu:16.04:LTS | linux-hwe-edge | 4.15.0-13.14~16.04.1, 4.15.0-23.25~16.04.1, * |
| Ubuntu:24.04:LTS | linux-raspi-realtime | 6.8.0-2019.20, 0 |
| Ubuntu:Pro:FIPS:20.04:LTS | linux-gcp-fips | 5.4.0-1021.21+fips1, 0 |
| Ubuntu:20.04:LTS | linux-riscv-5.8 | 5.8.0-17.19~20.04.1, 0, 5.8.0-20.22~20.04.1 |
| Ubuntu:20.04:LTS | linux-hwe-5.8 | *, *, * |
| Ubuntu:Pro:FIPS:20.04:LTS | linux-azure-fips | 0, 5.4.0-1022.22+fips1 |
…and 26 more
Exploit Intelligence
- PoC for CVE-2021-3492 used at Pwn2Own 2021 (github-poc)
- PoC for CVE-2021-3492 used at Pwn2Own 2021 (github-poc)
- PoC for CVE-2021-3492 used at Pwn2Own 2021 (github-poc)
- PoC for CVE-2021-3492 used at Pwn2Own 2021 (github-poc)
- PoC for CVE-2021-3492 used at Pwn2Own 2021 (github-poc)
- CVE-2008-5161 OpenSSH 4.7p1 Audit Helper Automates version checking and credential auditing of legacy OpenSSH 4.7p1 (Debian-8ubuntu1) targets by driving Metasploit’s auxiliary/scanner/ssh/ssh_login module from Python via pwntools. (github-poc)
- CVE-2008-5161 OpenSSH 4.7p1 Audit Helper Automates version checking and credential auditing of legacy OpenSSH 4.7p1 (Debian-8ubuntu1) targets by driving Metasploit’s auxiliary/scanner/ssh/ssh_login module from Python via pwntools. (github-poc)
- CVE-2008-5161 OpenSSH 4.7p1 Audit Helper Automates version checking and credential auditing of legacy OpenSSH 4.7p1 (Debian-8ubuntu1) targets by driving Metasploit’s auxiliary/scanner/ssh/ssh_login module from Python via pwntools. (github-poc)
- CVE-2008-5161 OpenSSH 4.7p1 Audit Helper Automates version checking and credential auditing of legacy OpenSSH 4.7p1 (Debian-8ubuntu1) targets by driving Metasploit’s auxiliary/scanner/ssh/ssh_login module from Python via pwntools. (github-poc)
- CVE-2008-5161 OpenSSH 4.7p1 Audit Helper Automates version checking and credential auditing of legacy OpenSSH 4.7p1 (Debian-8ubuntu1) targets by driving Metasploit’s auxiliary/scanner/ssh/ssh_login module from Python via pwntools. (github-poc)
…and 165 more exploits
Timeline
- Apr 15, 2021 CVE Published
- Apr 17, 2021 EPSS Score
- Aug 4, 2021 EPSS Score
- Oct 28, 2021 EPSS Score
- Dec 30, 2021 EPSS Score
- Mar 2, 2022 EPSS Score
- Apr 22, 2022 PoC Published
- Jul 5, 2022 EPSS Score
- Nov 8, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- May 14, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-3492 third-party-advisory
- https://ubuntu.com/security/notices/USN-4915-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-4917-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-3492 third-party-advisory