CVE-2021-3715 Information

Description

A flaw was found in the \Routing decision\ classifier in the Linux kernel’s Traffic Control networking subsystem in the way it handled changing of classification filters leading to a use-after-free condition. This flaw allows unprivileged local users to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality integrity as well as system availability.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=1993988 https://www.openwall.com/lists/oss-security/2021/09/07/1 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef299cc3fa1a9e1288665a9fdc8bff55629fd359 https://github.com/torvalds/linux/commit/ef299cc3fa1a9e1288665a9fdc8bff55629fd359

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.8