CVE-2021-3444

CVSS v3.1 7.8 (High)

CVSS v2.0 4.6 (Medium)

EPSS 0.04 % (10^th)

Affected Products 3

Advisories 27

The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in the upstream kernel in commit 9b00f1b78809 ("bpf: Fix truncation handling for mod32 dst reg wrt zero") and in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101.

Weaknesses

CWE-125: Out-of-bounds Read
CWE-681: Incorrect Conversion between Numeric Types

CVE Status: PUBLISHED
CNA: Canonical Ltd.
Published Date: 2021-03-23 18:15:13
(3 years ago)
Updated Date: 2021-12-02 19:37:08
(2 years ago)

Affected Products

Configuration #1

	CPE23	From	Up To
Linux Kernel prior 5.4.101 version	cpe:2.3:o:linux:linux_kernel		< 5.4.101
Linux Kernel from 5.5.0 version and prior 5.10.19 version	cpe:2.3:o:linux:linux_kernel	>= 5.5.0	< 5.10.19
Linux Kernel from 5.11 version and prior 5.11.2 version	cpe:2.3:o:linux:linux_kernel	>= 5.11	< 5.11.2

Configuration #2

		CPE23	From	Up To
	Debian Linux 9.0	cpe:2.3:o:debian:debian_linux:9.0

Configuration #3

		CPE23	From	Up To
	Canonical Ubuntu Linux 14.04	cpe:2.3:o:canonical:ubuntu_linux:14.04:::*:esm
	Canonical Ubuntu Linux 16.04	cpe:2.3:o:canonical:ubuntu_linux:16.04:::*:lts
	Canonical Ubuntu Linux 18.04	cpe:2.3:o:canonical:ubuntu_linux:18.04:::*:lts
	Canonical Ubuntu Linux 20.04	cpe:2.3:o:canonical:ubuntu_linux:20.04:::*:lts

Weaknesses

Affected Products

Canonical

Debian

Linux

Configuration #1

Configuration #2

Configuration #3