CVE-2021-3490

CVSS v3.1 7.8 (High)

CVSS v2.0 7.2 (High)

EPSS 0.20 % (57^th)

Affected Products 2

Advisories 10

The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e ("bpf: Fix alu32 const subreg bound tracking on bitwise operations") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. The AND/OR issues were introduced by commit 3f50f132d840 ("bpf: Verifier, do explicit ALU32 bounds tracking") (5.7-rc1) and the XOR variant was introduced by 2921c90d4718 ("bpf:Fix a verifier failure with xor") ( 5.10-rc1).

Weaknesses

CWE-125: Out-of-bounds Read
CWE-20: Improper Input Validation
CWE-787: Out-of-bounds Write

CVE Status: PUBLISHED
CNA: Canonical Ltd.
Published Date: 2021-06-04 02:15:07
(3 years ago)
Updated Date: 2021-09-14 14:31:03
(3 years ago)

Affected Products

Canonical

Ubuntu Linux

Linux

Linux Kernel

Configuration #1

	CPE23	From	Up To
Linux Kernel from 5.10 version and prior 5.10.37 version	cpe:2.3:o:linux:linux_kernel	>= 5.10	< 5.10.37
Linux Kernel from 5.11 version and prior 5.11.21 version	cpe:2.3:o:linux:linux_kernel	>= 5.11	< 5.11.21
Linux Kernel from 5.12 version and prior 5.12.4 version	cpe:2.3:o:linux:linux_kernel	>= 5.12	< 5.12.4
Linux Kernel 5.13	cpe:2.3:o:linux:linux_kernel:5.13:-
Linux Kernel 5.13 Rc1	cpe:2.3:o:linux:linux_kernel:5.13:rc1
Linux Kernel 5.13 Rc2	cpe:2.3:o:linux:linux_kernel:5.13:rc2
Linux Kernel 5.13 Rc3	cpe:2.3:o:linux:linux_kernel:5.13:rc3

Configuration #2

		CPE23	From	Up To
	Canonical Ubuntu Linux 20.04	cpe:2.3:o:canonical:ubuntu_linux:20.04:::*:lts
	Canonical Ubuntu Linux 20.10	cpe:2.3:o:canonical:ubuntu_linux:20.10
	Canonical Ubuntu Linux 21.04	cpe:2.3:o:canonical:ubuntu_linux:21.04