CVE-2021-3492
Ubuntu linux kernel shiftfs file system double free vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (kernel memory exhaustion) or gain privileges via executing arbitrary code. AKA ZDI-CAN-13562.
Shiftfs, un sistema de archivos de apilamiento fuera del árbol incluido en los kernels de Ubuntu Linux, no manejaba apropiadamente los fallos que ocurrían durante la función copy_from_user(). Esto podría conllevar a una situación de doble liberación o a que la memoria no sea liberada del todo. Un atacante podría usar esto para causar una denegación de servicio (agotamiento de la memoria del kernel) u alcanzar privilegios por medio de la ejecución de código arbitrario. También se conoce como ZDI-CAN-13562
This vulnerability allows local attackers to escalate privileges on affected installations of Canonical Ubuntu. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the ShiftFS module. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-04-09 CVE Reserved
- 2021-04-16 CVE Published
- 2021-08-03 First Exploit
- 2023-03-08 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-401: Missing Release of Memory after Effective Lifetime
- CWE-415: Double Free
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/162614/Kernel-Live-Patch-Security-Notice-LSN-0077-1.html | Third Party Advisory |
|
| https://www.openwall.com/lists/oss-security/2021/04/16/2 | Mailing List |
|
| https://www.zerodayinitiative.com/advisories/ZDI-21-422 | Third Party Advisory |
|
| URL | Date | SRC |
|---|---|---|
| https://github.com/synacktiv/CVE-2021-3492 | 2021-08-03 |
| URL | Date | SRC |
|---|---|---|
| https://ubuntu.com/security/notices/USN-4917-1 | 2021-05-21 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | < 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version " < 18.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | >= 18.04.1 < 20.04 Search vendor "Canonical" for product "Ubuntu Linux" and version " >= 18.04.1 < 20.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | < 20.10 Search vendor "Canonical" for product "Ubuntu Linux" and version " < 20.10" | - |
Affected
| ||||||