Reset Search
 

 

Article

SA45470 - OpenSSL Security Advisory CVE-2021-4154

« Go Back

Information

 
Product Affected
Problem
A vulnerability has been reported under https://nvd.nist.gov/vuln/detail/CVE-2021-4154

Description:
A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system.
Solution
Ivanti(Pulse Products) are not vulnerable to CVE-2021-4154 .
Workaround
Implementation
Related Links
CVSS Score8.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Risk Assessment
Acknowledgements
Alert Type 
Risk Level 
Attachment 1 
Attachment 2 
Legacy ID

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255