Bug 2035652 (CVE-2021-4197) - CVE-2021-4197 kernel: cgroup: Use open-time creds and namespace for migration perm checks
Summary: CVE-2021-4197 kernel: cgroup: Use open-time creds and namespace for migration…
Keywords:
Status:
NEW
Alias:
CVE-2021-4197
Product:
Security Response
Classification:
Other
Component:
vulnerability
Sub Component:
Version:
unspecified
Hardware:
All
OS:
Linux
Priority:
medium
Severity:
medium
Target Milestone:
—
Assignee:
Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
2035766 2035767 2035768 2035668
Blocks:
2030983 2036691
Reported:
2021-12-26 13:49 UTC by Alex
Modified:
2022-01-24 18:59 UTC
CC List:
46 users
Fixed In Version:
Linux kernel 5.17-rc1
Doc Type:
If docs needed, set a value
Doc Text:
A flaw was found in the Linux kernel's control groups (cgroups) and namespaces subsystem: the permission checks for migrating a process into a cgroup were made against the credentials and namespace of the process performing the write, rather than those of the process that opened the cgroup file. A less privileged process could therefore open such a file descriptor and arrange for a more privileged process to write to it, so that the migration was checked with the more privileged process's credentials. The flaw affects both cgroup v1 and cgroup v2. A local user could use this flaw to crash the system or escalate their privileges on the system.
Clone Of:
Environment:
Last Closed:
Description Alex 2021-12-26 13:49:57 UTC
In the cgroups (control groups) functionality of the Linux kernel, a potential security weakness was found that may allow scenarios where a less privileged process tricks a more privileged one into writing into an fd that it created. This could lead to local escalation of privilege for containers or other processes that use cgroups in such a way. User interaction is not needed for exploitation.
Reference and upstream patch: https://lore.kernel.org/lkml/[email protected]/T/
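To make the open-time versus write-time distinction concrete, the following small user-space model is added here as an illustration. It is not kernel code and not the upstream patch: the struct names, `open_procs`, `write_procs_pre_fix`, `write_procs_post_fix`, the uid/user-namespace fields and the simplified owner-or-root rule in `may_migrate` are all invented for this example, and the real kernel permission rule is more involved. What it shows is the confused-deputy shape of the bug: a pre-fix check that judges the writer lets an unprivileged opener move a root task into a cgroup of the opener's choosing once a root process performs the write, while a check that judges the opener does not.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy model only (not kernel code): names and the permission rule below are
 * simplifications invented for this example. */

struct cred { unsigned uid; unsigned userns; };          /* uid + user-namespace id */
struct task { const char *name; struct cred cred; int cgroup_id; };

/* Model of an open cgroup.procs: the cgroup it controls plus the credentials
 * captured at open() time, which the fixed check uses. */
struct procs_file { int target_cgroup; struct cred open_cred; };

static struct procs_file open_procs(const struct task *opener, int target_cgroup)
{
    struct procs_file f;
    f.target_cgroup = target_cgroup;
    f.open_cred = opener->cred;      /* remembered for later writes */
    return f;
}

/* Simplified migration rule: the actor must be in the target's user namespace
 * and be either root there or the owner of the target task. */
static bool may_migrate(const struct cred *actor, const struct task *target)
{
    if (actor->userns != target->cred.userns)
        return false;
    return actor->uid == 0 || actor->uid == target->cred.uid;
}

/* Pre-fix behaviour: permission is judged on whoever performs the write(). */
static bool write_procs_pre_fix(const struct task *writer,
                                const struct procs_file *f, struct task *target)
{
    if (!may_migrate(&writer->cred, target))
        return false;
    target->cgroup_id = f->target_cgroup;
    return true;
}

/* Post-fix behaviour: permission is judged on whoever opened the file. */
static bool write_procs_post_fix(const struct task *writer,
                                 const struct procs_file *f, struct task *target)
{
    (void)writer;                    /* the writer's privilege no longer decides */
    if (!may_migrate(&f->open_cred, target))
        return false;
    target->cgroup_id = f->target_cgroup;
    return true;
}

/* The confused-deputy scenario from the bug: an unprivileged task opens
 * cgroup.procs for a cgroup of its choosing (7 here), then gets a root task to
 * perform the write. Returns the cgroup the root worker ends up in. */
static int confused_deputy(bool fixed)
{
    struct task attacker = { "attacker",    { 1000, 1 }, 1 };
    struct task deputy   = { "root-daemon", { 0, 1 },    2 };
    struct task victim   = { "root-worker", { 0, 1 },    2 };
    struct procs_file fd = open_procs(&attacker, 7);     /* attacker-chosen cgroup */

    if (fixed)
        write_procs_post_fix(&deputy, &fd, &victim);
    else
        write_procs_pre_fix(&deputy, &fd, &victim);
    return victim.cgroup_id;
}

/* Sanity check that the fixed rule still allows a legitimate root-opened write. */
static bool root_opener_still_works(void)
{
    struct task root   = { "root",        { 0, 1 }, 2 };
    struct task victim = { "root-worker", { 0, 1 }, 2 };
    struct procs_file fd = open_procs(&root, 7);
    return write_procs_post_fix(&root, &fd, &victim) && victim.cgroup_id == 7;
}

int main(void)
{
    printf("pre-fix:  root-worker lands in cgroup %d (attacker chose 7)\n", confused_deputy(false));
    printf("post-fix: root-worker lands in cgroup %d (unchanged from 2)\n", confused_deputy(true));
    printf("root opener still allowed: %s\n", root_opener_still_works() ? "yes" : "no");
    return 0;
}
```

The point of the model is the single line that changes between the two write functions: which `struct cred` is handed to the permission rule. Anything that captures a capability at open time (a file descriptor that can be passed to another process, inherited across exec, or left open in a setuid helper) has to carry the opener's authority with it, otherwise the privilege of whoever later touches it is what gets checked.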
Comment 3 Alex 2021-12-26 16:48:08 UTC
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2035668]