vulnerability

Oracle Linux: CVE-2021-4197: ELSA-2022-9480: Unbreakable Enterprise kernel-container security update (IMPORTANT) (Multiple Advisories)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:L/AC:H/Au:S/C:C/I:C/A:N)	Sep 12, 2021	May 18, 2022	Jan 23, 2025

Severity

CVSS

(AV:L/AC:H/Au:S/C:C/I:C/A:N)

Published

Sep 12, 2021

Added

May 18, 2022

Modified

Jan 23, 2025

Description

An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system.

Solution(s)

oracle-linux-upgrade-kerneloracle-linux-upgrade-kernel-uek

References

CVE-2021-4197
https://attackerkb.com/topics/CVE-2021-4197
ELSA-ELSA-2022-9480
ELSA-ELSA-2022-9479
ELSA-ELSA-2022-1988

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today