A use-after-free flaw was found in cgroup1parseparam in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system.
{ "vanir_signatures": [ { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@3b0462726e7ef281c35a7a4ae33e93ee2bc9975b", "signature_type": "Function", "deprecated": false, "signature_version": "v1", "target": { "file": "kernel/cgroup/cgroup-v1.c", "function": "cgroup1_parse_param" }, "digest": { "length": 1976.0, "function_hash": "43562121027514138802384445818688810638" }, "id": "CVE-2021-4154-349b9425" }, { "source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@3b0462726e7ef281c35a7a4ae33e93ee2bc9975b", "signature_type": "Line", "deprecated": false, "signature_version": "v1", "target": { "file": "kernel/cgroup/cgroup-v1.c" }, "digest": { "line_hashes": [ "191251821101608297518000102230053641", "161478230760747823243509515755670125340", "53748005745504328288671075488780645792", "268088281257053229139836659380680159012" ], "threshold": 0.9 }, "id": "CVE-2021-4154-f4532a77" } ] }