1. Home
  2. Vulnerabilities
  3. CVE-2021-31440

CVE-2021-31440

CVSS v3.1 7 (High)
70% Progress
CVSS v2.0 6.9 (Medium)
69% Progress
EPSS 0.05 % (18th)
0.05% Progress
Affected Products 18
Advisories 9
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.11.15. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The issue results from the lack of proper validation of user-supplied eBPF programs prior to executing them. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-13661.

Weaknesses
CWE-682
Incorrect Calculation
CVE Status
PUBLISHED
CNA
Zero Day Initiative
Published Date
2021-05-21 15:15:07
(3 years ago)
Updated Date
2023-08-11 19:53:47
(13 months ago)

Affected Products

Linux

Netapp

Configuration #1

    CPE23 From Up To
  Linux Kernel from 5.7 version and prior 5.10.37 version cpe:2.3:o:linux:linux_kernel >= 5.7 < 5.10.37
  Linux Kernel from 5.11 version and prior 5.11.21 version cpe:2.3:o:linux:linux_kernel >= 5.11 < 5.11.21
  Linux Kernel from 5.12 version and prior 5.12.4 version cpe:2.3:o:linux:linux_kernel >= 5.12 < 5.12.4

Configuration #2

AND
    CPE23 From Up To
OR  
  Netapp Solidfire Baseboard Management Controller Firmware cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-
OR  
  Running on/with
  Netapp Solidfire Baseboard Management Controller cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-

Configuration #3

    CPE23 From Up To
  Netapp Cloud Backup cpe:2.3:a:netapp:cloud_backup:-

Configuration #4

AND
    CPE23 From Up To
OR  
  Netapp H500s Firmware cpe:2.3:o:netapp:h500s_firmware:-
OR  
  Running on/with
  Netapp H500s cpe:2.3:h:netapp:h500s:-

Configuration #5

AND
    CPE23 From Up To
OR  
  Netapp H700s Firmware cpe:2.3:o:netapp:h700s_firmware:-
OR  
  Running on/with
  Netapp H700s cpe:2.3:h:netapp:h700s:-

Configuration #6

AND
    CPE23 From Up To
OR  
  Netapp H300e Firmware cpe:2.3:o:netapp:h300e_firmware:-
OR  
  Running on/with
  Netapp H300e cpe:2.3:h:netapp:h300e:-

Configuration #7

AND
    CPE23 From Up To
OR  
  Netapp H500e Firmware cpe:2.3:o:netapp:h500e_firmware:-
OR  
  Running on/with
  Netapp H500e cpe:2.3:h:netapp:h500e:-

Configuration #8

AND
    CPE23 From Up To
OR  
  Netapp H700e Firmware cpe:2.3:o:netapp:h700e_firmware:-
OR  
  Running on/with
  Netapp H700e cpe:2.3:h:netapp:h700e:-

Configuration #9

AND
    CPE23 From Up To
OR  
  Netapp H410s Firmware cpe:2.3:o:netapp:h410s_firmware:-
OR  
  Running on/with
  Netapp H410s cpe:2.3:h:netapp:h410s:-

Configuration #10

AND
    CPE23 From Up To
OR  
  Netapp H300s Firmware cpe:2.3:o:netapp:h300s_firmware:-
OR  
  Running on/with
  Netapp H300s cpe:2.3:h:netapp:h300s:-