Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2021-20239

Untrusted Pointer Dereference

Published: May 28, 2021 | Modified: Nov 21, 2024
CVSS 3.x
3.3
LOW
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS 2.x
2.1 LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
3.8 LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Ubuntu
LOW
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2021-20239
CWEhttps://cwe.mitre.org/data/definitions/822.html

A flaw was found in the Linux kernel in versions before 5.4.92 in the BPF protocol. This flaw allows an attacker with a local account to leak information about kernel internal addresses. The highest threat from this vulnerability is to confidentiality.

Weakness

The product obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.

Affected Software

Name Vendor Start Version End Version
Linux_kernel Linux * 5.4.92 (excluding)
Linux Ubuntu focal *
Linux Ubuntu groovy *
Linux Ubuntu upstream *
Linux-allwinner Ubuntu upstream *
Linux-allwinner-5.19 Ubuntu upstream *
Linux-aws Ubuntu focal *
Linux-aws Ubuntu groovy *
Linux-aws Ubuntu upstream *
Linux-aws-5.0 Ubuntu bionic *
Linux-aws-5.0 Ubuntu esm-infra/bionic *
Linux-aws-5.0 Ubuntu upstream *
Linux-aws-5.11 Ubuntu upstream *
Linux-aws-5.13 Ubuntu upstream *
Linux-aws-5.15 Ubuntu upstream *
Linux-aws-5.19 Ubuntu upstream *
Linux-aws-5.3 Ubuntu bionic *
Linux-aws-5.3 Ubuntu esm-infra/bionic *
Linux-aws-5.3 Ubuntu upstream *
Linux-aws-5.4 Ubuntu bionic *
Linux-aws-5.4 Ubuntu upstream *
Linux-aws-5.8 Ubuntu upstream *
Linux-aws-6.2 Ubuntu upstream *
Linux-aws-6.5 Ubuntu upstream *
Linux-aws-6.8 Ubuntu upstream *
Linux-aws-fips Ubuntu fips-updates/focal *
Linux-aws-fips Ubuntu fips/focal *
Linux-aws-fips Ubuntu trusty *
Linux-aws-fips Ubuntu upstream *
Linux-aws-fips Ubuntu xenial *
Linux-aws-hwe Ubuntu upstream *
Linux-azure Ubuntu bionic *
Linux-azure Ubuntu esm-infra/bionic *
Linux-azure Ubuntu focal *
Linux-azure Ubuntu groovy *
Linux-azure Ubuntu upstream *
Linux-azure-4.15 Ubuntu upstream *
Linux-azure-5.11 Ubuntu upstream *
Linux-azure-5.13 Ubuntu upstream *
Linux-azure-5.15 Ubuntu upstream *
Linux-azure-5.19 Ubuntu upstream *
Linux-azure-5.3 Ubuntu bionic *
Linux-azure-5.3 Ubuntu esm-infra/bionic *
Linux-azure-5.3 Ubuntu upstream *
Linux-azure-5.4 Ubuntu bionic *
Linux-azure-5.4 Ubuntu upstream *
Linux-azure-5.8 Ubuntu upstream *
Linux-azure-6.2 Ubuntu upstream *
Linux-azure-6.5 Ubuntu upstream *
Linux-azure-6.8 Ubuntu upstream *
Linux-azure-edge Ubuntu bionic *
Linux-azure-edge Ubuntu esm-infra/bionic *
Linux-azure-edge Ubuntu upstream *
Linux-azure-fde Ubuntu focal *
Linux-azure-fde Ubuntu upstream *
Linux-azure-fde-5.15 Ubuntu upstream *
Linux-azure-fde-5.19 Ubuntu upstream *
Linux-azure-fde-6.2 Ubuntu upstream *
Linux-azure-fips Ubuntu fips-updates/focal *
Linux-azure-fips Ubuntu fips/focal *
Linux-azure-fips Ubuntu trusty *
Linux-azure-fips Ubuntu upstream *
Linux-azure-fips Ubuntu xenial *
Linux-bluefield Ubuntu focal *
Linux-bluefield Ubuntu upstream *
Linux-dell300x Ubuntu upstream *
Linux-fips Ubuntu fips/focal *
Linux-fips Ubuntu upstream *
Linux-gcp Ubuntu bionic *
Linux-gcp Ubuntu esm-infra/bionic *
Linux-gcp Ubuntu focal *
Linux-gcp Ubuntu groovy *
Linux-gcp Ubuntu upstream *
Linux-gcp-4.15 Ubuntu upstream *
Linux-gcp-5.11 Ubuntu upstream *
Linux-gcp-5.13 Ubuntu upstream *
Linux-gcp-5.15 Ubuntu upstream *
Linux-gcp-5.19 Ubuntu upstream *
Linux-gcp-5.3 Ubuntu bionic *
Linux-gcp-5.3 Ubuntu esm-infra/bionic *
Linux-gcp-5.3 Ubuntu upstream *
Linux-gcp-5.4 Ubuntu bionic *
Linux-gcp-5.4 Ubuntu upstream *
Linux-gcp-5.8 Ubuntu upstream *
Linux-gcp-6.2 Ubuntu upstream *
Linux-gcp-6.5 Ubuntu upstream *
Linux-gcp-6.8 Ubuntu upstream *
Linux-gcp-edge Ubuntu bionic *
Linux-gcp-edge Ubuntu esm-infra/bionic *
Linux-gcp-edge Ubuntu upstream *
Linux-gcp-fips Ubuntu fips-updates/focal *
Linux-gcp-fips Ubuntu fips/focal *
Linux-gcp-fips Ubuntu trusty *
Linux-gcp-fips Ubuntu upstream *
Linux-gcp-fips Ubuntu xenial *
Linux-gke Ubuntu focal *
Linux-gke Ubuntu upstream *
Linux-gke Ubuntu xenial *
Linux-gke-4.15 Ubuntu bionic *
Linux-gke-4.15 Ubuntu esm-infra/bionic *
Linux-gke-4.15 Ubuntu upstream *
Linux-gke-5.0 Ubuntu bionic *
Linux-gke-5.0 Ubuntu upstream *
Linux-gke-5.15 Ubuntu upstream *
Linux-gke-5.3 Ubuntu bionic *
Linux-gke-5.3 Ubuntu upstream *
Linux-gke-5.4 Ubuntu bionic *
Linux-gke-5.4 Ubuntu upstream *
Linux-gkeop Ubuntu focal *
Linux-gkeop Ubuntu upstream *
Linux-gkeop-5.15 Ubuntu upstream *
Linux-gkeop-5.4 Ubuntu bionic *
Linux-gkeop-5.4 Ubuntu upstream *
Linux-hwe Ubuntu bionic *
Linux-hwe Ubuntu esm-infra/bionic *
Linux-hwe Ubuntu upstream *
Linux-hwe-5.11 Ubuntu upstream *
Linux-hwe-5.13 Ubuntu upstream *
Linux-hwe-5.15 Ubuntu upstream *
Linux-hwe-5.19 Ubuntu upstream *
Linux-hwe-5.4 Ubuntu bionic *
Linux-hwe-5.4 Ubuntu upstream *
Linux-hwe-5.8 Ubuntu focal *
Linux-hwe-5.8 Ubuntu upstream *
Linux-hwe-6.2 Ubuntu upstream *
Linux-hwe-6.5 Ubuntu upstream *
Linux-hwe-6.8 Ubuntu upstream *
Linux-hwe-edge Ubuntu bionic *
Linux-hwe-edge Ubuntu esm-infra/bionic *
Linux-hwe-edge Ubuntu esm-infra/xenial *
Linux-hwe-edge Ubuntu upstream *
Linux-hwe-edge Ubuntu xenial *
Linux-ibm Ubuntu upstream *
Linux-ibm-5.15 Ubuntu upstream *
Linux-ibm-5.4 Ubuntu upstream *
Linux-intel Ubuntu upstream *
Linux-intel-5.13 Ubuntu upstream *
Linux-intel-iot-realtime Ubuntu upstream *
Linux-intel-iotg Ubuntu upstream *
Linux-intel-iotg-5.15 Ubuntu upstream *
Linux-iot Ubuntu upstream *
Linux-kvm Ubuntu focal *
Linux-kvm Ubuntu groovy *
Linux-kvm Ubuntu upstream *
Linux-laptop Ubuntu upstream *
Linux-lowlatency Ubuntu upstream *
Linux-lowlatency-hwe-5.15 Ubuntu upstream *
Linux-lowlatency-hwe-5.19 Ubuntu upstream *
Linux-lowlatency-hwe-6.2 Ubuntu upstream *
Linux-lowlatency-hwe-6.5 Ubuntu upstream *
Linux-lowlatency-hwe-6.8 Ubuntu upstream *
Linux-lts-trusty Ubuntu precise/esm *
Linux-lts-trusty Ubuntu upstream *
Linux-lts-xenial Ubuntu upstream *
Linux-nvidia Ubuntu upstream *
Linux-nvidia-6.2 Ubuntu upstream *
Linux-nvidia-6.5 Ubuntu upstream *
Linux-nvidia-6.8 Ubuntu upstream *
Linux-nvidia-lowlatency Ubuntu upstream *
Linux-oem Ubuntu bionic *
Linux-oem Ubuntu esm-infra/bionic *
Linux-oem Ubuntu upstream *
Linux-oem Ubuntu xenial *
Linux-oem-5.10 Ubuntu upstream *
Linux-oem-5.13 Ubuntu upstream *
Linux-oem-5.14 Ubuntu upstream *
Linux-oem-5.17 Ubuntu upstream *
Linux-oem-5.6 Ubuntu focal *
Linux-oem-5.6 Ubuntu upstream *
Linux-oem-6.0 Ubuntu upstream *
Linux-oem-6.1 Ubuntu upstream *
Linux-oem-6.11 Ubuntu upstream *
Linux-oem-6.5 Ubuntu upstream *
Linux-oem-6.8 Ubuntu upstream *
Linux-oem-osp1 Ubuntu upstream *
Linux-oracle Ubuntu focal *
Linux-oracle Ubuntu groovy *
Linux-oracle Ubuntu upstream *
Linux-oracle-5.0 Ubuntu bionic *
Linux-oracle-5.0 Ubuntu esm-infra/bionic *
Linux-oracle-5.0 Ubuntu upstream *
Linux-oracle-5.11 Ubuntu upstream *
Linux-oracle-5.13 Ubuntu upstream *
Linux-oracle-5.15 Ubuntu upstream *
Linux-oracle-5.3 Ubuntu bionic *
Linux-oracle-5.3 Ubuntu esm-infra/bionic *
Linux-oracle-5.3 Ubuntu upstream *
Linux-oracle-5.4 Ubuntu bionic *
Linux-oracle-5.4 Ubuntu upstream *
Linux-oracle-5.8 Ubuntu upstream *
Linux-oracle-6.5 Ubuntu upstream *
Linux-oracle-6.8 Ubuntu upstream *
Linux-raspi Ubuntu focal *
Linux-raspi Ubuntu groovy *
Linux-raspi Ubuntu upstream *
Linux-raspi-5.4 Ubuntu bionic *
Linux-raspi-5.4 Ubuntu upstream *
Linux-raspi-realtime Ubuntu upstream *
Linux-raspi2 Ubuntu focal *
Linux-raspi2 Ubuntu upstream *
Linux-raspi2-5.3 Ubuntu bionic *
Linux-raspi2-5.3 Ubuntu upstream *
Linux-realtime Ubuntu jammy *
Linux-realtime Ubuntu upstream *
Linux-riscv Ubuntu focal *
Linux-riscv Ubuntu groovy *
Linux-riscv Ubuntu upstream *
Linux-riscv-5.11 Ubuntu upstream *
Linux-riscv-5.15 Ubuntu upstream *
Linux-riscv-5.19 Ubuntu upstream *
Linux-riscv-5.8 Ubuntu focal *
Linux-riscv-5.8 Ubuntu upstream *
Linux-riscv-6.5 Ubuntu upstream *
Linux-riscv-6.8 Ubuntu upstream *
Linux-snapdragon Ubuntu upstream *
Linux-starfive Ubuntu upstream *
Linux-starfive-5.19 Ubuntu upstream *
Linux-starfive-6.2 Ubuntu upstream *
Linux-starfive-6.5 Ubuntu upstream *
Linux-xilinx-zynqmp Ubuntu upstream *
Red Hat Enterprise Linux 8 RedHat kernel-rt-0:4.18.0-348.rt7.130.el8 *
Red Hat Enterprise Linux 8 RedHat kernel-0:4.18.0-348.el8 *

Extended Description

An attacker can supply a pointer for memory locations that the product is not expecting. If the pointer is dereferenced for a write operation, the attack might allow modification of critical state variables, cause a crash, or execute code. If the dereferencing operation is for a read, then the attack might allow reading of sensitive data, cause a crash, or set a variable to an unexpected value (since the value will be read from an unexpected memory location). There are several variants of this weakness, including but not necessarily limited to:

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2025 Aqua Security Software Ltd.   Privacy Policy | Terms of Use