CVE-2021-4002 - log

CVE-2021-4002 edited at 27 Nov 2021 11:53:49
References
https://www.openwall.com/lists/oss-security/2021/11/25/1
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.5&id=556d59293a2a94863797a7a50890992aa5e8db16
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.82&id=40bc831ab5f630431010d1ff867390b07418a7ee
CVE-2021-4002 edited at 25 Nov 2021 22:04:15
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Arbitrary code execution
Description
+ On the Linux kernel 3.6 and later before version 5.15.5, it is possible for an attacker to leak or change data that resides on hugetlbfs. Such data can reside on hugetlbfs, for instance if the victim runs mmap() using the MAP_HUGETLB or shmget() with SHM_HUGETLB. If a victim maps executable code onto hugetlbfs, the executable can be modified as well.
References
+ https://www.openwall.com/lists/oss-security/2021/11/25/1
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.5&id=556d59293a2a94863797a7a50890992aa5e8db16
CVE-2021-4002 created at 25 Nov 2021 22:00:49
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes