Exposure of Resource to Wrong Sphere

CVE-2021-46923

Medium

5.5/10

Summary

In the Linux kernel, the following vulnerability has been resolved: fs/mount_setattr: always cleanup mount_kattr Make sure that finish_mount_kattr() is called after mount_kattr was succesfully built in both the success and failure case to prevent leaking any references we took when we built it. We returned early if path lookup failed thereby risking to leak an additional reference we took when building mount_kattr when an idmapped mount was requested.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

References

Advisory Timeline

Published Feb 27, 2024

Exposure of Resource to Wrong Sphere

CVE-2021-46923

Summary

CWE-668 - Exposure of Resource to Wrong Sphere

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS