{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2021-4028", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-03T17:16:04.248Z", "dateReserved": "2021-11-29T00:00:00", "datePublished": "2022-08-24T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2022-12-28T00:00:00"}, "descriptions": [{"lang": "en", "value": "A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to setup a socket to listen on a high port allowing for a list element to be used after free. Given the ability to execute code, a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system."}], "affected": [{"vendor": "n/a", "product": "kernel", "versions": [{"version": "Fixed in kernel 5.15-rc1", "status": "affected"}]}], "references": [{"url": "https://lkml.org/lkml/2021/10/4/697"}, {"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bc0bdc5afaa74"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2027201"}, {"url": "https://access.redhat.com/security/cve/CVE-2021-4028"}, {"url": "https://bugzilla.suse.com/show_bug.cgi?id=1193167#c0"}, {"url": "https://security.netapp.com/advisory/ntap-20221228-0002/"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-416 - Use After Free", "cweId": "CWE-416"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:16:04.248Z"}, "title": "CVE Program Container", "references": [{"url": "https://lkml.org/lkml/2021/10/4/697", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bc0bdc5afaa74", "tags": ["x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2027201", "tags": ["x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2021-4028", "tags": ["x_transferred"]}, {"url": "https://bugzilla.suse.com/show_bug.cgi?id=1193167#c0", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20221228-0002/", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "247858D3-F7A3-4645-8903-6EDFD43FB0E1", "versionEndExcluding": "5.10.71", "versionStartIncluding": "5.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A437B0D-8305-4C72-B691-D26986A126CF", "versionEndExcluding": "5.14.10", "versionStartIncluding": "5.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:suse:linux_enterprise:15.0:sp3:*:*:*:*:*:*", "matchCriteriaId": "D4160B6E-BB1D-4476-877E-5D8CA47226DE", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise:15.0:sp4:*:*:*:*:*:*", "matchCriteriaId": "A6A1F863-4D18-45F9-86D5-91ED3B38EB47", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to setup a socket to listen on a high port allowing for a list element to be used after free. Given the ability to execute code, a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system."}, {"lang": "es", "value": "Un fallo en la implementaci\u00f3n del kernel de Linux del c\u00f3digo de escucha del administrador de comunicaciones RDMA permit\u00eda a un atacante con acceso local configurar un socket para que escuchara en un puerto alto, lo que permit\u00eda un uso de memoria previamente liberada de un elemento de la lista. Dada la capacidad de ejecutar c\u00f3digo, un atacante local podr\u00eda aprovechar este uso de memoria previamente liberada para bloquear el sistema o posiblemente escalar privilegios en el sistema."}], "id": "CVE-2021-4028", "lastModified": "2024-11-21T06:36:45.057", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-24T16:15:09.197", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2021-4028"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2027201"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1193167#c0"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bc0bdc5afaa74"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "url": "https://lkml.org/lkml/2021/10/4/697"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20221228-0002/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2021-4028"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2027201"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1193167#c0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bc0bdc5afaa74"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "url": "https://lkml.org/lkml/2021/10/4/697"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20221228-0002/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Hao Sun for reporting this issue.", "affected_release": [{"advisory": "RHSA-2022:1199", "cpe": "cpe:/a:redhat:rhel_extras_rt:7", "package": "kernel-rt-0:3.10.0-1160.62.1.rt56.1203.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2022-04-05T00:00:00Z"}, {"advisory": "RHSA-2022:1185", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2022-04-05T00:00:00Z"}, {"advisory": "RHSA-2022:1198", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-0:3.10.0-1160.62.1.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2022-04-05T00:00:00Z"}, {"advisory": "RHSA-2022:2189", "cpe": "cpe:/o:redhat:rhel_aus:7.3", "package": "kernel-0:3.10.0-514.101.1.el7", "product_name": "Red Hat Enterprise Linux 7.3 Advanced Update Support", "release_date": "2022-05-11T00:00:00Z"}, {"advisory": "RHSA-2022:2188", "cpe": "cpe:/o:redhat:rhel_aus:7.4", "package": "kernel-0:3.10.0-693.100.1.el7", "product_name": "Red Hat Enterprise Linux 7.4 Advanced Update Support", "release_date": "2022-05-11T00:00:00Z"}, {"advisory": "RHSA-2022:2186", "cpe": "cpe:/o:redhat:rhel_aus:7.6", "package": "kernel-0:3.10.0-957.94.1.el7", "product_name": "Red Hat Enterprise Linux 7.6 Advanced Update Support(Disable again in 2026 - SPRHEL-7118)", "release_date": "2022-05-11T00:00:00Z"}, {"advisory": "RHSA-2022:2186", "cpe": "cpe:/o:redhat:rhel_tus:7.6", "package": "kernel-0:3.10.0-957.94.1.el7", "product_name": "Red Hat Enterprise Linux 7.6 Telco Extended Update Support", "release_date": "2022-05-11T00:00:00Z"}, {"advisory": "RHSA-2022:2186", "cpe": "cpe:/o:redhat:rhel_e4s:7.6", "package": "kernel-0:3.10.0-957.94.1.el7", "product_name": "Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions", "release_date": "2022-05-11T00:00:00Z"}, {"advisory": "RHSA-2022:2211", "cpe": "cpe:/o:redhat:rhel_e4s:7.6", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions", "release_date": "2022-05-11T00:00:00Z"}, {"advisory": "RHSA-2022:1324", "cpe": "cpe:/o:redhat:rhel_aus:7.7", "package": "kernel-0:3.10.0-1062.66.1.el7", "product_name": "Red Hat Enterprise Linux 7.7 Advanced Update Support", "release_date": "2022-04-12T00:00:00Z"}, {"advisory": "RHSA-2022:1324", "cpe": "cpe:/o:redhat:rhel_tus:7.7", "package": "kernel-0:3.10.0-1062.66.1.el7", "product_name": "Red Hat Enterprise Linux 7.7 Telco Extended Update Support", "release_date": "2022-04-12T00:00:00Z"}, {"advisory": "RHSA-2022:1324", "cpe": "cpe:/o:redhat:rhel_e4s:7.7", "package": "kernel-0:3.10.0-1062.66.1.el7", "product_name": "Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions", "release_date": "2022-04-12T00:00:00Z"}, {"advisory": "RHSA-2022:1373", "cpe": "cpe:/o:redhat:rhel_e4s:7.7", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions", "release_date": "2022-04-13T00:00:00Z"}, {"advisory": "RHSA-2022:1555", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-348.23.1.rt7.153.el8_5", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-04-26T00:00:00Z"}, {"advisory": "RHSA-2022:1535", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-04-26T00:00:00Z"}, {"advisory": "RHSA-2022:1550", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-348.23.1.el8_5", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-04-26T00:00:00Z"}, {"advisory": "RHSA-2022:0823", "cpe": "cpe:/o:redhat:rhel_e4s:8.1", "package": "kernel-0:4.18.0-147.64.1.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2022-03-10T00:00:00Z"}, {"advisory": "RHSA-2022:0851", "cpe": "cpe:/o:redhat:rhel_e4s:8.1", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2022-03-14T00:00:00Z"}, {"advisory": "RHSA-2022:0958", "cpe": "cpe:/o:redhat:rhel_e4s:8.1", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2022-03-17T00:00:00Z"}, {"advisory": "RHSA-2022:0629", "cpe": "cpe:/a:redhat:rhel_eus:8.2::nfv", "package": "kernel-rt-0:4.18.0-193.75.1.rt13.125.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2022-02-22T00:00:00Z"}, {"advisory": "RHSA-2022:0590", "cpe": "cpe:/o:redhat:rhel_eus:8.2", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2022-02-22T00:00:00Z"}, {"advisory": "RHSA-2022:0636", "cpe": "cpe:/o:redhat:rhel_eus:8.2", "package": "kernel-0:4.18.0-193.75.1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2022-02-22T00:00:00Z"}, {"advisory": "RHSA-2022:0771", "cpe": "cpe:/a:redhat:rhel_eus:8.4::nfv", "package": "kernel-rt-0:4.18.0-305.40.1.rt7.112.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2022-03-08T00:00:00Z"}, {"advisory": "RHSA-2022:0772", "cpe": "cpe:/o:redhat:rhel_eus:8.4", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2022-03-08T00:00:00Z"}, {"advisory": "RHSA-2022:0777", "cpe": "cpe:/o:redhat:rhel_eus:8.4", "package": "kernel-0:4.18.0-305.40.1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2022-03-08T00:00:00Z"}, {"advisory": "RHSA-2022:1263", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "redhat-virtualization-host-0:4.3.22-20220330.1.el7_9", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2022-04-07T00:00:00Z"}, {"advisory": "RHSA-2022:4896", "cpe": "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "package": "redhat-virtualization-host-0:4.5.0-202205291010_8.6", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "release_date": "2022-06-03T00:00:00Z"}], "bugzilla": {"description": "kernel: use-after-free in RDMA listen()", "id": "2027201", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2027201"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-416", "details": ["A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to setup a socket to listen on a high port allowing for a list element to be used after free. Given the ability to execute code, a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system.", "A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to setup a socket to listen on a high port allowing for a list element to be used after free.  Given the ability to execute code, a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options does not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2021-4028", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2021-10-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-4028\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-4028\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bc0bdc5afaa74\nhttps://lkml.org/lkml/2021/10/4/697"], "threat_severity": "Important"}