CVE-2021-3664 is a vulnerability that was discovered in the Linux kernel's memory management system. The vulnerability allows an attacker with local access to a system to cause a denial-of-service (DoS) attack or execute arbitrary code with elevated privileges. The vulnerability was introduced in 2014 and affects versions 3.16 through 5.12 of the Linux kernel.
The vulnerability was discovered by Jann Horn, a security researcher at Google Project Zero, who reported it to the Linux kernel maintainers in April 2021. A patch was released on May 18, 2021, and subsequently included in the Linux kernel versions 5.12.7, 5.11.24, 5.10.41, 5.4.123, and 4.19.194. The vulnerability was assigned CVE-2021-3664, and it has a CVSS score of 6.2 out of 10.
If left unpatched, the vulnerability could allow an attacker to escalate their privileges on a compromised system or cause a DoS attack, potentially leading to data loss or theft. Therefore, it is critical that users of affected systems update their operating systems or apply the patch issued by the Linux kernel maintainers to protect themselves from potential exploitation.