What is CVE-2021-4154?

CVE-2021-4154 is a high-severity vulnerability in Linux Linux_kernel, classified under Use After Free. CVSS score: 8.8/10. Published 2022-02-04.

How severe is CVE-2021-4154?

High severity. CVSS v3 base score is 8.8 out of 10.

Is CVE-2021-4154 known to be exploited?

27 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Use After Free in Linux Linux_kernel

CVE-2021-4154

A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parame…

Vulnerability class: Use-After-Free

EPSS: 0.012 (64.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H.

Affected products

Linux Linux_kernel — versions 5.14
Netapp Hci_baseboard_management_controller — versions h300e, h300s, h410s
Redhat Enterprise_linux — versions 8.0
Redhat Virtualization — versions 4.0
N/a Kernel — versions Fixed in kernel 5.14 rc2

Weakness classification (CWE)

CWE-416 — Use After Free

Public proof-of-concept exploits

References

secalert@redhat.com (Patch, Third Party Advisory, x_refsource_MISC, Issue Tracking)
secalert@redhat.com (Patch, Mailing List, x_refsource_MISC, Vendor Advisory)
secalert@redhat.com (Third Party Advisory, x_refsource_MISC)
secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)

Frequently asked questions

What is CVE-2021-4154?: CVE-2021-4154 is a high-severity vulnerability in Linux Linux_kernel, classified under Use After Free. CVSS score: 8.8/10. Published 2022-02-04.
How severe is CVE-2021-4154?: High severity. CVSS v3 base score is 8.8 out of 10.
Is CVE-2021-4154 known to be exploited?: 27 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.