CVE-2021-4002

Source
Severity Medium
Remote No
Type Arbitrary code execution
Description
In the Linux kernel 3.6 and later, before version 5.15.5, an attacker can leak or change data that resides on hugetlbfs. Data can reside on hugetlbfs if, for instance, the victim calls mmap() with MAP_HUGETLB or shmget() with SHM_HUGETLB. If a victim maps executable code onto hugetlbfs, the executable can be modified as well.
Group     Package         Affected             Fixed               Severity  Status  Ticket
AVG-2589  linux-lts       5.10.81-1            5.10.82-1           Medium    Fixed
AVG-2586  linux-zen       5.15.4.zen1-1        5.15.5.zen1-1       Medium    Fixed
AVG-2585  linux           5.15.4.arch1-1       5.15.5.arch1-1      Medium    Fixed
AVG-2524  linux-hardened  5.14.21.hardened1-1  5.15.5.hardened1-1  Medium    Fixed
References
https://www.openwall.com/lists/oss-security/2021/11/25/1
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.5&id=556d59293a2a94863797a7a50890992aa5e8db16
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.82&id=40bc831ab5f630431010d1ff867390b07418a7ee
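
An exposure check for the hugetlbfs condition in the description, added here as an example and not taken from the advisory or the kernel project: it classifies a `uname -r` string against the fixed versions listed above and finds hugetlb mappings in `/proc/<pid>/smaps` text through the `ht` VmFlags entry. The release strings, the smaps sample and its paths are constructed for illustration.

```python
import re

# Fixed point releases named in the advisory: 5.10.82 (5.10 series), 5.15.5 (5.15 series).
FIXED = {(5, 10): 82, (5, 15): 5}

def kernel_status(release):
    """Classify a `uname -r` string against the advisory's version range."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        return "unknown"
    series, patch = (int(m[1]), int(m[2])), int(m[3] or 0)
    if series < (3, 6):
        return "not-affected"
    if series > (5, 15):
        return "fixed"
    if series in FIXED:
        return "fixed" if patch >= FIXED[series] else "affected"
    return "unknown"  # series with no fixed version on this page: check the vendor

def hugetlb_mappings(smaps_text):
    """Return (range, perms, path) for mappings whose VmFlags include 'ht' (hugetlb)."""
    found, header = [], None
    for line in smaps_text.splitlines():
        m = re.match(r"([0-9a-f]+-[0-9a-f]+) (\S{4}) \S+ \S+ \S+\s*(.*)", line)
        if m:
            header = m.groups()
        elif line.startswith("VmFlags:") and header and "ht" in line.split()[1:]:
            found.append(header)
    return found

def exposure(release, smaps_text):
    """Combine both checks; executable hugetlb mappings are listed separately."""
    maps = hugetlb_mappings(smaps_text)
    return {
        "kernel": kernel_status(release),
        "hugetlb": [path for _, _, path in maps],
        "hugetlb_exec": [path for _, perms, path in maps if "x" in perms],
    }

# Constructed sample in /proc/<pid>/smaps layout, trimmed to the lines used here.
SAMPLE_SMAPS = """\
55d0c0a00000-55d0c0a21000 r-xp 00000000 08:01 131 /usr/bin/example
VmFlags: rd ex mr mw me
7f2a40000000-7f2a40200000 rw-p 00000000 00:0f 4242 /anon_hugepage (deleted)
VmFlags: rd wr mr mw me de ht
7f2a40400000-7f2a40600000 r-xp 00000000 00:2b 77 /dev/hugepages/code
VmFlags: rd ex mr mw me de ht
"""
```

On a live system, pass `platform.release()` and the contents of each readable `/proc/<pid>/smaps` to `exposure()`; an `unknown` kernel result means the page lists no fixed version for that series.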