CVE-2021-3492

Summary

Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (kernel memory exhaustion) or gain privileges via executing arbitrary code. AKA ZDI-CAN-13562.

Affected Software

VendorProductVersion RangeStatus
UbuntuLinux kernel5.8 kernel < 5.8.0-50.56affected
UbuntuLinux kernel5.4 kernel < 5.4.0-72.80affected

Weaknesses

  • CWE-415: CWE-415: Double Free
  • CWE-401: CWE-401: Missing Release of Memory after Effective Lifetime

ADP Enrichment

CVE Program Container

Additional References

References