CVE-2021-4154
📋 TL;DR
A use-after-free vulnerability in the Linux kernel's cgroup v1 parser allows local attackers with user privileges to escalate privileges. This can lead to container breakout scenarios and denial of service attacks. Systems running vulnerable Linux kernel versions with cgroup v1 enabled are affected.
💻 Affected Systems
- Linux Kernel
📦 What is this software?
Hci Baseboard Management Controller by Netapp
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise through privilege escalation to root, container breakout allowing host access, and system crash leading to denial of service.
Likely Case
Local privilege escalation allowing attackers to gain root access on affected systems, potentially leading to container escape in containerized environments.
If Mitigated
Limited impact if proper access controls, container security hardening, and kernel hardening are implemented.
🎯 Exploit Status
Exploitation requires local user access and knowledge of kernel exploitation techniques. Container breakout scenarios have been demonstrated.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel 5.15.11 and later
Vendor Advisory: https://bugzilla.redhat.com/show_bug.cgi?id=2034514
Restart Required: Yes
Instructions:
1. Update Linux kernel to version 5.15.11 or later.
2. For distributions: Use package manager (apt/yum/dnf) to update kernel packages.
3. Reboot system after kernel update.
4. Verify kernel version after reboot.
🔧 Temporary Workarounds
Disable cgroup v1
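Disable cgroup v1 functionality to prevent exploitation
# Add cgroup_no_v1=all to the kernel command line; a bare line appended to /etc/default/grub is never passed to the kernel
sed -i 's/^GRUB_CMDLINE_LINUX="\(.*\)"/GRUB_CMDLINE_LINUX="\1 cgroup_no_v1=all"/' /etc/default/grub
update-grub
reboot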
Restrict fsconfig syscall
Use seccomp to block the fsconfig syscall in containers
Add 'fsconfig' to seccomp filter deny list in container runtime configuration
🧯 If You Can't Patch
- Implement strict access controls to limit local user access to vulnerable systems
- Use container security hardening: run containers as non-root, implement seccomp profiles, use user namespaces
🔍 How to Verify
Check if Vulnerable:
Check kernel version: uname -r. If version is earlier than 5.15.11, system may be vulnerable.
Check Version:
uname -r
Verify Fix Applied:
After patching, verify kernel version is 5.15.11 or later with: uname -r
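The checks above combined into one script, as an added example that is not part of the advisory. The function names and status tokens are illustrative; the 5.15.11 threshold and the cgroup_no_v1=all parameter are the ones given on this page.

```shell
#!/bin/sh
# Added example: triage a host against the criteria stated on this page.
FIXED_VERSION="5.15.11"   # fixed kernel version as stated on this page

# Succeeds if kernel release $1 is strictly older than version $2.
# Distro suffixes are ignored: "5.4.0-91-generic" is compared as 5.4.0.
version_lt() {
    awk -v a="$1" -v b="$2" '
        function base(v) { match(v, /^[0-9]+(\.[0-9]+)*/); return substr(v, 1, RLENGTH) }
        BEGIN {
            split(base(a), x, "."); split(base(b), y, ".")
            for (i = 1; i <= 3; i++) {
                if (x[i] + 0 < y[i] + 0) exit 0
                if (x[i] + 0 > y[i] + 0) exit 1
            }
            exit 1
        }'
}

# Succeeds if a cgroup v1 hierarchy (fstype "cgroup"; v2 is "cgroup2") is mounted.
cgroup_v1_mounted() {
    awk '$3 == "cgroup" { found = 1 } END { exit !found }' "${1:-/proc/mounts}"
}

# Succeeds if the boot command line carries the workaround parameter.
v1_disabled_on_cmdline() {
    tr ' ' '\n' < "${1:-/proc/cmdline}" | grep -qx 'cgroup_no_v1=all'
}

# Prints one status token. $1 = kernel release, $2 = mounts file, $3 = cmdline file.
assess() {
    if ! version_lt "$1" "$FIXED_VERSION"; then
        echo "patched-version"
    elif v1_disabled_on_cmdline "$3"; then
        echo "workaround-applied"
    elif cgroup_v1_mounted "$2"; then
        echo "needs-review:v1-mounted"
    else
        echo "needs-review:v1-not-mounted"
    fi
}

# A distribution kernel with an older version string may carry a backported fix,
# so "needs-review" means: confirm against the vendor advisory.
assess "$(uname -r)" /proc/mounts /proc/cmdline
```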
📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- OOM killer activity
- Unexpected privilege escalation attempts in audit logs
Network Indicators:
- Not applicable - local exploit only
SIEM Query:
(source="kernel" AND ("panic" OR "Oops" OR "general protection fault")) OR (source="audit" AND ("syscall=fsconfig" OR "privilege escalation"))
🔗 References
- https://bugzilla.redhat.com/show_bug.cgi?id=2034514
- https://cloud.google.com/anthos/clusters/docs/security-bulletins#gcp-2022-002
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b0462726e7ef281c35a7a4ae33e93ee2bc9975b
- https://security.netapp.com/advisory/ntap-20220225-0004/