The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in the upstream kernel in commit 9b00f1b78809 ("bpf: Fix truncation handling for mod32 dst reg wrt zero") and in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html | Third Party Advisory VDB Entry |
http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html | Third Party Advisory VDB Entry |
http://www.openwall.com/lists/oss-security/2021/03/23/2 | Mailing List Third Party Advisory |
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9b00f1b78809 | Mailing List Patch Vendor Advisory |
https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html | Mailing List Third Party Advisory |
https://security.netapp.com/advisory/ntap-20210416-0006/ | Third Party Advisory |
https://www.openwall.com/lists/oss-security/2021/03/23/2 | Mailing List Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
02 Dec 2021, 19:37
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:* cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:* cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:* |
|
References | (MISC) http://packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html - Third Party Advisory, VDB Entry | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html - Mailing List, Third Party Advisory |
12 Nov 2021, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
16 Oct 2021, 01:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2021-03-23 18:15
Updated : 2024-02-04 21:23
NVD link : CVE-2021-3444
Mitre link : CVE-2021-3444
CVE.ORG link : CVE-2021-3444
JSON object : View
Products Affected
canonical
- ubuntu_linux
debian
- debian_linux
linux
- linux_kernel