CVE-2021-20269 - OpenCVE

A flaw was found in the permissions of a log file created by kexec-tools. This flaw allows a local unprivileged user to read this file and leak kernel internal information from a previous panic. The highest threat from this vulnerability is to confidentiality. This flaw affects kexec-tools shipped by Fedora versions prior to 2.0.21-8 and RHEL versions prior to 2.0.20-47.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Kexec-tools Project	Kexec-tools
Redhat	Enterprise Linux
Fedoraproject	Fedora

Configuration 1 [-]

AND

cpe:2.3:a:kexec-tools_project:kexec-tools:*:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:a:kexec-tools_project:kexec-tools:*:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:-:*:*:*:*:*:*:*

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1934261	Issue Tracking Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2022-03-09T16:29:47

Updated: 2022-03-09T16:29:47

Reserved: 2020-12-17T00:00:00

Link: CVE-2021-20269

JSON object: View

NVD Information

Status : Modified

Published: 2022-03-10T17:41:27.460

Modified: 2023-02-12T22:15:17.753

Link: CVE-2021-20269

JSON object: View

Redhat Information

No data.

CWE

CWE-276

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kexec-tools_project:kexec-tools:*:*:*:*:*:*:*:*", "matchCriteriaId": "1922DFF4-341A-4C43-B3CE-6D76A77BCE28", "versionEndExcluding": "2.0.21-8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:-:*:*:*:*:*:*:*", "matchCriteriaId": "D3FEADDA-2AEE-4F65-9401-971B585664A8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kexec-tools_project:kexec-tools:*:*:*:*:*:*:*:*", "matchCriteriaId": "803FD25F-B044-4A48-8C33-A9D9A472112B", "versionEndExcluding": "2.0.20-47", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:-:*:*:*:*:*:*:*", "matchCriteriaId": "3F7347E2-C2A4-4230-A1BC-F6FE93943D4F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A flaw was found in the permissions of a log file created by kexec-tools. This flaw allows a local unprivileged user to read this file and leak kernel internal information from a previous panic. The highest threat from this vulnerability is to confidentiality. This flaw affects kexec-tools shipped by Fedora versions prior to 2.0.21-8 and RHEL versions prior to 2.0.20-47."}, {"lang": "es", "value": "Se ha encontrado un fallo en los permisos de un archivo de registro creado por kexec-tools. Este fallo permite a un usuario local no privilegiado leer este archivo y filtrar informaci\u00f3n interna del kernel de un p\u00e1nico anterior. La mayor amenaza de esta vulnerabilidad es la confidencialidad. Este fallo afecta a kexec-tools distribuido por Fedora versiones anteriores a 2.0.21-8 y versiones de RHEL anteriores a 2.0.20-47"}], "id": "CVE-2021-20269", "lastModified": "2023-02-12T22:15:17.753", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-03-10T17:41:27.460", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934261"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "secalert@redhat.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-276"}], "source": "nvd@nist.gov", "type": "Secondary"}]}