CVE-2021-20269
kexec-tools: incorrect permissions on kdump dmesg file
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A flaw was found in the permissions of a log file created by kexec-tools. This flaw allows a local unprivileged user to read this file and leak kernel internal information from a previous panic. The highest threat from this vulnerability is to confidentiality. This flaw affects kexec-tools shipped by Fedora versions prior to 2.0.21-8 and RHEL versions prior to 2.0.20-47.
Se ha encontrado un fallo en los permisos de un archivo de registro creado por kexec-tools. Este fallo permite a un usuario local no privilegiado leer este archivo y filtrar información interna del kernel de un pánico anterior. La mayor amenaza de esta vulnerabilidad es la confidencialidad. Este fallo afecta a kexec-tools distribuido por Fedora versiones anteriores a 2.0.21-8 y versiones de RHEL anteriores a 2.0.20-47
A flaw was found in the permissions of a log file created by kexec-tools. This flaw allows a local unprivileged user to read this file and leak kernel internal information from a previous panic. The highest threat from this vulnerability is to confidentiality.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-12-17 CVE Reserved
- 2021-11-10 CVE Published
- 2023-09-30 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-276: Incorrect Default Permissions
CAPEC
References (2)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1934261 | 2021-11-09 | |
https://access.redhat.com/security/cve/CVE-2021-20269 | 2021-11-09 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Kexec-tools Project Search vendor "Kexec-tools Project" | Kexec-tools Search vendor "Kexec-tools Project" for product "Kexec-tools" | < 2.0.21-8 Search vendor "Kexec-tools Project" for product "Kexec-tools" and version " < 2.0.21-8" | - |
Affected
| in | Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | - | - |
Safe
|
Kexec-tools Project Search vendor "Kexec-tools Project" | Kexec-tools Search vendor "Kexec-tools Project" for product "Kexec-tools" | < 2.0.20-47 Search vendor "Kexec-tools Project" for product "Kexec-tools" and version " < 2.0.20-47" | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | - | - |
Safe
|