CVE-2021-4154: 
Linux Kernel vulnerability analysis and mitigation

A use-after-free vulnerability (CVE-2021-4154) was discovered in the Linux kernel's cgroup v1 parser, specifically in the cgroup1_parse_param function within kernel/cgroup/cgroup-v1.c. The vulnerability was discovered in December 2021 and fixed in Linux kernel version 5.14 rc2 (Kernel Commit).

The vulnerability occurs when the cgroup v1 parser incorrectly assumes that the 'source' parameter is always of type fs_value_is_string when it can also be fs_value_is_file. This assumption leads to a use-after-free condition because struct fs_parameter uses a union for the actual value, and access to that union is guarded by the param->type member. The issue can be triggered through the fsconfig syscall parameter (Kernel Commit).

The vulnerability allows a local attacker with user privileges to cause privilege escalation, potentially leading to container breakout and denial of service on the system. The vulnerability has been assigned a CVSS score of 8.8 (HIGH) with vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H (NetApp Advisory).

The vulnerability was fixed in Linux kernel version 5.14 rc2 by adding verification that the param->type is actually a string and reporting an error if not. Various vendors have released patches for their affected products. For example, Red Hat has addressed this in multiple security advisories including RHSA-2022:0186, RHSA-2022:0187, and RHSA-2022:0231 (Red Hat Bugzilla).