CVE-2021-43057
PUBLISHED
CVSS 7.2 HIGH
An issue was discovered in the Linux kernel before 5.14.8. A use-after-free in selinux_ptrace_traceme (aka the SELinux handler for PTRACE_TRACEME) could be used by local attackers to cause memory corruption and escalate privileges, aka CID-a3727a8bac0a. This occurs because of an attempt to access the subjective credentials of another task.
EPSS 0.15% · 34.9th percentile
Risk Scores
CVSS v2.0
7.2
EPSS Score
0.15%
34.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| netapp | h300s_firmware | |
| netapp | h410s_firmware | |
| n/a | n/a | * |
| netapp | h300e_firmware | |
| netapp | h700e_firmware | |
| netapp | h410c_firmware | |
| linux | linux_kernel | 5.13 |
| netapp | h700s_firmware | |
| netapp | h500e_firmware | |
| netapp | h500s_firmware | |
Timeline
- Oct 28, 2021 EPSS Score
- Oct 28, 2021 CVE Published
- Dec 23, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 17, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jun 9, 2022 EPSS Score
- Aug 5, 2022 EPSS Score
- Sep 30, 2022 EPSS Score
- Nov 25, 2022 EPSS Score
- Jan 19, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://bugs.chromium.org/p/project-zero/issues/detail?id=2229 url
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a3727a8bac0a9e77c70820655fd8715523ba3db7 url
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.8 url
- https://security.netapp.com/advisory/ntap-20211125-0001/ url
- https://ubuntu.com/security/notices/USN-5162-1 advisory
- https://ubuntu.com/security/notices/USN-5165-1 advisory
- https://ubuntu.com/security/notices/USN-5163-1 advisory
- https://ubuntu.com/security/notices/USN-5164-1 advisory
- https://ubuntu.com/security/notices/USN-5161-1 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2021-43057 advisory
- https://security.netapp.com/advisory/ntap-20211125-0001 url