CVE-2021-21703

In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
phpCNA
7.8 HIGH
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 19%
VendorProductVersion
phpphp
7.3.0 ≤
𝑥
≤ 7.3.31
phpphp
7.4.0 ≤
𝑥
< 7.4.25
phpphp
8.0.0 ≤
𝑥
< 8.0.12
debiandebian_linux
9.0
debiandebian_linux
10.0
debiandebian_linux
11.0
netappclustered_data_ontap
-
oraclecommunications_diameter_signaling_router
8.0.0.0 ≤
𝑥
≤ 8.5.0.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
php7.4
bullseye
7.4.33-1+deb11u5
fixed
bullseye (security)
7.4.33-1+deb11u6
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php5
jammy
dne
impish
dne
hirsute
dne
focal
dne
bionic
dne
xenial
dne
trusty
Fixed 5.5.9+dfsg-1ubuntu4.29+esm15
released
php7.0
jammy
dne
impish
dne
hirsute
dne
focal
dne
bionic
dne
xenial
Fixed 7.0.33-0ubuntu0.16.04.16+esm2
released
trusty
dne
php7.2
jammy
dne
impish
dne
hirsute
dne
focal
dne
bionic
Fixed 7.2.24-0ubuntu0.18.04.10
released
xenial
dne
trusty
dne
php7.4
jammy
dne
impish
dne
hirsute
Fixed 7.4.16-1ubuntu2.2
released
focal
Fixed 7.4.3-4ubuntu2.7
released
bionic
dne
xenial
dne
trusty
dne
php8.0
jammy
dne
impish
Fixed 8.0.8-1ubuntu0.1
released
hirsute
dne
focal
dne
bionic
dne
xenial
dne
trusty
dne
php8.1
jammy
not-affected
impish
dne
hirsute
dne
groovy
dne
focal
dne
bionic
dne
xenial
dne
trusty
dne
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2021/10/26/7
https://bugs.php.net/bug.php?id=81026
https://lists.debian.org/debian-lts-announce/2021/10/msg00021.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6PZVLICZUJMXOGWOUWSBAEGIVTF6Y6V3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JO5RA6YOBGGGKLIA6F6BQRZDDECF5L3R/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PBM3KKB3RY2YPOKNMC4HIH7IH3T3WC74/
https://security.gentoo.org/glsa/202209-20
https://security.netapp.com/advisory/ntap-20211118-0003/
https://www.debian.org/security/2021/dsa-4992
https://www.debian.org/security/2021/dsa-4993
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
http://www.openwall.com/lists/oss-security/2021/10/26/7
https://bugs.php.net/bug.php?id=81026
https://lists.debian.org/debian-lts-announce/2021/10/msg00021.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6PZVLICZUJMXOGWOUWSBAEGIVTF6Y6V3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JO5RA6YOBGGGKLIA6F6BQRZDDECF5L3R/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PBM3KKB3RY2YPOKNMC4HIH7IH3T3WC74/
https://security.gentoo.org/glsa/202209-20
https://security.netapp.com/advisory/ntap-20211118-0003/
https://www.debian.org/security/2021/dsa-4992
https://www.debian.org/security/2021/dsa-4993
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html