vulnerability

Oracle Linux: CVE-2021-4197: ELSA-2022-1988: kernel security, bug fix, and enhancement update (IMPORTANT) (Multiple Advisories)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:L/Au:N/C:C/I:C/A:C)	Sep 12, 2021	May 18, 2022	Dec 3, 2025

Severity

CVSS

(AV:L/AC:L/Au:N/C:C/I:C/A:C)

Published

Sep 12, 2021

Added

May 18, 2022

Modified

Dec 3, 2025

Description

An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system.

Solutions

oracle-linux-upgrade-kerneloracle-linux-upgrade-kernel-uek

References

CVE-2021-4197
https://attackerkb.com/topics/CVE-2021-4197
ELSA-ELSA-2022-1988
ELSA-ELSA-2022-9479
ELSA-ELSA-2022-9480
CWE-287

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report