CVE-2021-4083

7.0 HIGH

📋 TL;DR

A race condition vulnerability in the Linux kernel's Unix domain socket garbage collection allows local users to trigger a read-after-free memory flaw. This can lead to system crashes or privilege escalation. Affects Linux kernel versions prior to 5.16-rc4.

💻 Affected Systems

Products:

Linux kernel

Versions: All versions prior to 5.16-rc4

Operating Systems: Linux distributions using vulnerable kernel versions

Default Config Vulnerable: ⚠️ Yes

Notes: All Linux systems with vulnerable kernel versions are affected regardless of configuration

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

Learn more about Linux Kernel →

Linux Kernel by Linux

Learn more about Linux Kernel →

Linux Kernel by Linux

Learn more about Linux Kernel →

Linux Kernel by Linux

Learn more about Linux Kernel →

Linux Kernel by Linux

Learn more about Linux Kernel →

Linux Kernel by Linux

Learn more about Linux Kernel →

Linux Kernel by Linux

Learn more about Linux Kernel →

Linux Kernel by Linux

Learn more about Linux Kernel →

Linux Kernel by Linux

Learn more about Linux Kernel →

Solidfire by Netapp

View all CVEs affecting Solidfire →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation to root, complete system compromise

🟠

Likely Case

Local denial of service (system crash/kernel panic)

🟢

If Mitigated

No impact if patched or proper access controls prevent local user execution

🌐 Internet-Facing: LOW - Requires local access to exploit

🏢 Internal Only: HIGH - Any local user can potentially exploit this vulnerability

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploit requires local access and race condition timing, but proof-of-concept code exists in public advisories

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel 5.16-rc4 and later

Vendor Advisory: https://bugzilla.redhat.com/show_bug.cgi?id=2029923

Restart Required: Yes

Instructions:

1. Update Linux kernel to version 5.16-rc4 or later
2. Apply vendor-specific kernel patches for your distribution
3. Reboot the system to load the new kernel

🔧 Temporary Workarounds

Restrict local user access

linux

Limit local shell access to trusted users only

🧯 If You Can't Patch

Implement strict access controls to prevent untrusted local users from executing code
Monitor for kernel panic/crash events and investigate suspicious local user activity

🔍 How to Verify

Check if Vulnerable:

Check kernel version: uname -r and compare to 5.16-rc4

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is 5.16-rc4 or later: uname -r

📡 Detection & Monitoring

Log Indicators:

Kernel panic logs
System crash/reboot events
Suspicious local user privilege escalation

Network Indicators:

None - local exploit only

SIEM Query:

source="kernel" AND ("panic" OR "Oops" OR "general protection fault")

📊 Metadata

CVE ID: CVE-2021-4083

CVSS v3 Score: 7.0 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-416

Published: January 18, 2022

Last Updated: November 21, 2024

🔗 References

https://bugzilla.redhat.com/show_bug.cgi?id=2029923 Issue Tracking,Patch,Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=054aa8d439b9 Mailing List,Patch
https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html Mailing List,Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html Mailing List,Third Party Advisory
https://security.netapp.com/advisory/ntap-20220217-0005/ Third Party Advisory
https://www.debian.org/security/2022/dsa-5096 Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html Patch,Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2029923 Issue Tracking,Patch,Third Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=054aa8d439b9 Mailing List,Patch
https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html Mailing List,Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html Mailing List,Third Party Advisory
https://security.netapp.com/advisory/ntap-20220217-0005/ Third Party Advisory
https://www.debian.org/security/2022/dsa-5096 Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html Patch,Third Party Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Communications Cloud Native Core Binding Support Function by Oracle

Communications Cloud Native Core Network Exposure Function by Oracle

Communications Cloud Native Core Policy by Oracle

Debian Linux by Debian

Debian Linux by Debian

H300e Firmware by Netapp

H300s Firmware by Netapp

H410c Firmware by Netapp

H410s Firmware by Netapp

H500e Firmware by Netapp

H500s Firmware by Netapp

H700e Firmware by Netapp

H700s Firmware by Netapp

Hci Management Node by Netapp

Linux Kernel by Linux

Linux Kernel by Linux

Linux Kernel by Linux

Linux Kernel by Linux

Linux Kernel by Linux

Linux Kernel by Linux

Linux Kernel by Linux

Linux Kernel by Linux

Linux Kernel by Linux

Linux Kernel by Linux

Solidfire by Netapp

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Restrict local user access

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities